Memory Corruption Vulnerability in libsubextractor.so Prior to SMR Nov-2024 Release 1

CVE-2024-34676

7.3HIGH

Key Information

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 6 November 2024

Summary

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.

Affected Version(s)

Samsung Mobile Devices <= SMR Nov-2024 Release in Android 12, 13, 14

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 6, 2024
Vulnerability Reserved.
May 7, 2024

Collectors

NVD DatabaseMitre Database