{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android OS","vendor":"Samsung","versions":[{"status":"affected","version":"9.0","versionType":"custom"},{"status":"affected","version":"10.0","versionType":"custom"},{"status":"affected","version":"8.0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Mateusz Jurczyk of Google Project Zero"}],"datePublic":"2020-05-05T14:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.</p>"}],"value":"There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":10,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122 Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"14ed7db2-1595-443d-9d34-6215bf890778","shortName":"Google","dateUpdated":"2024-05-24T10:44:54.075Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://security.samsungmobile.com/securityUpdate.smsb"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html"},{"name":"VU#366027","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"https://www.kb.cert.org/vuls/id/366027"}],"source":{"discovery":"INTERNAL"},"title":"Memory corruption in Quram library when decoding qmg can lead to RCE","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@google.com","DATE_PUBLIC":"2020-05-06T16:00:00.000Z","ID":"CVE-2020-8899","STATE":"PUBLIC","TITLE":"Memory corruption in Quram library when decoding qmg can lead to RCE"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android OS","version":{"version_data":[{"version_affected":">=","version_name":"Oreo","version_value":"8.x"},{"version_affected":"=","version_name":"Pie","version_value":"9.0"},{"version_affected":"=","version_name":"Q","version_value":"10.0"}]}}]},"vendor_name":"Samsung"}]}},"credit":[{"lang":"eng","value":"Mateusz Jurczyk of Google Project Zero"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","version":"3.1"},{"baseScore":"9.7","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:P","version":"2.0"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-122 Heap-based Buffer Overflow"}]}]},"references":{"reference_data":[{"name":"https://security.samsungmobile.com/securityUpdate.smsb","refsource":"CONFIRM","url":"https://security.samsungmobile.com/securityUpdate.smsb"},{"name":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002","refsource":"CONFIRM","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002"},{"name":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html"},{"name":"VU#366027","refsource":"CERT-VN","url":"https://www.kb.cert.org/vuls/id/366027"}]},"source":{"discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:12:10.997Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.samsungmobile.com/securityUpdate.smsb"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html"},{"name":"VU#366027","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"https://www.kb.cert.org/vuls/id/366027"}]}]},"cveMetadata":{"assignerOrgId":"14ed7db2-1595-443d-9d34-6215bf890778","assignerShortName":"Google","cveId":"CVE-2020-8899","datePublished":"2020-05-06T16:25:12.588Z","dateReserved":"2020-02-12T00:00:00.000Z","dateUpdated":"2024-09-17T03:38:13.248Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}