CVE-2020-25278
First published: Fri Sep 11 2020(Updated: )
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =8.0 | |
| Android | =8.1 | |
| Android | =9.0 | |
| Android | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-25278?
CVE-2020-25278 has a high severity rating due to its potential to allow arbitrary code execution on affected devices.
How do I fix CVE-2020-25278?
To mitigate CVE-2020-25278, users should update their Samsung mobile devices to the latest security patches provided by Samsung.
Which devices are affected by CVE-2020-25278?
CVE-2020-25278 affects Samsung mobile devices running Android versions 8.0, 8.1, 9.0, and 10.0.
What type of attacks does CVE-2020-25278 enable?
CVE-2020-25278 enables attackers to overwrite memory and execute arbitrary code via specially crafted JPEG images.
Is CVE-2020-25278 specific to any particular app?
CVE-2020-25278 is not specific to any app; it affects the Quram image codec library utilized by Samsung devices during JPEG decoding.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/android
- version/android/8.0
- version/android/8.1
- version/android/9.0
- version/android/10.0