Attackers Can Access Other Users' Video Files Through Improper Input Validation in SamsungVideoPlayer
CVE-2024-34672

5.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsungvideoplayer
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-34672?

An input validation vulnerability exists in the Samsung Video Player that affects multiple versions across different Android platforms. This flaw enables local attackers to gain unauthorized access to video files belonging to other users, potentially leading to unauthorized information disclosure. The vulnerability impacts users on Android 12, Android 13, and Android 14, highlighting the critical need for users to update their video player application to versions that address this security issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SamsungVideoPlayer 7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
May 7, 2024

JSON

Samsung