← back
CVE-2025-21043

CVE-2025-21043

CVSS 8.8 HIGHEPSS 1.4%● KEV
In short

A flaw in the libimagecodec.quram.so library allows attackers to write data beyond the intended memory boundaries, potentially letting them run malicious code on affected devices. This vulnerability can be exploited remotely without requiring special access.

Technical detail

Out-of-bounds write vulnerability in libimagecodec.quram.so enables remote code execution through memory corruption. Attack vector is likely image processing; no authentication or user interaction prerequisites clearly stated. Impact is arbitrary code execution with the privileges of the affected process.

Summary generated and translated by AI from the official description.
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043