Media Scanning Vulnerability in Samsung Galaxy S6 Edge Face Recognition Library
CVE-2015-7897

Currently unrated

Key Information:

Vendor: Samsung
Status: Galaxy S6
Vendor: CVE Published:; 16 November 2015

What is CVE-2015-7897?

The media scanning function within the face recognition library of the Samsung Galaxy S6 Edge is susceptible to memory corruption due to inadequate validation of BMP image files. An attacker can exploit this vulnerability to execute remote commands, potentially elevating privileges or causing a denial of service. This risk arises when specially crafted BMP images are processed by the device, creating an avenue for malicious activity that could impact users.

References

http://googleprojectzero.blogspot.com/2015/11/hack-galaxy...

x_refsource_MISC

https://code.google.com/p/google-security-research/issues...

x_refsource_MISC

http://packetstormsecurity.com/files/134199/Samsung-Galax...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 16, 2015
Vulnerability Reserved
Oct 22, 2015