CVE-2020-8899 : There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.

Published 2020-05-06 17:15:14

Updated 2024-05-21 05:15:49

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Products affected by CVE-2020-8899

Google » Android » Version: 8.0
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 8.1
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 9.0
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: 10.0
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-8899

EPSS FAQ

10.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8899

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.7	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:P	10.0	9.5	Google Inc.
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Partial
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L	3.9	6.0	Google Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: Low
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-8899

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: cve-coordination@google.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-8899

https://security.samsungmobile.com/securityUpdate.smsb

Android Security Updates Details | Samsung Mobile Security
Vendor Advisory

CVEs referencing this url
https://www.kb.cert.org/vuls/id/366027

VU#366027 - Samsung Qmage codec for Android Skia library does not properly validate image files
Third Party Advisory;US Government Resource
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002

2002 - Samsung Android multiple interactionless RCEs and other remote access issues in Qmage image codec built into Skia - project-zero
Exploit;Issue Tracking;Third Party Advisory
http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html

Samsung Android Remote Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2020-8899

Products affected by CVE-2020-8899

Exploit prediction scoring system (EPSS) score for CVE-2020-8899

CVSS scores for CVE-2020-8899

CWE ids for CVE-2020-8899

References for CVE-2020-8899