Out-of-Bounds Write in DNG Format Parsing in Samsung Media Codec
CVE-2026-21048

8.4HIGH

Key Information:

Vendor

Samsung

Vendor
CVE Published:
10 July 2026

What is CVE-2026-21048?

A vulnerability exists in the parsing of DNG format within libimagecodec.media.quram.so prior to the SMR Jul-2026 Release 1 from Samsung. This flaw allows remote attackers to perform an out-of-bounds write, potentially enabling unwanted access and manipulation of memory during image processing.

Affected Version(s)

Samsung Mobile Devices SMR Jul-2026 Release in Android 14, 15, 16

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.