Arbitrary Code Execution Vulnerability in Librtppayload.so Pre-Oct-2024 Release 1
CVE-2024-34666

8.8HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 8 October 2024

Summary

The vulnerability involves an out-of-bounds write in the parsing of H.264 format within the shared library librtppayload.so, found in certain Samsung devices. This issue can potentially allow remote attackers to execute arbitrary code with system privileges, but requires user interaction to trigger the vulnerability. Users of affected products should be aware of the risk and ensure timely updates to the latest release, which addresses this security concern.

Affected Version(s)

Samsung Mobile Devices SMR Oct-2024 Release in Android 12, 13, 14

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
May 7, 2024