Kiwan Ko

**Name of the Vulnerable Software and Affected Versions** libsmkvextractor versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to an improper input validation check logic vulnerability. This vulnerability allows attackers to trigger a crash. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libsmkvextractor versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to an improper input validation check logic, which can be exploited by attackers to trigger a crash. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to SMR Jun-2022 Release 1 **Description** The issue allows attackers to bypass user confirmation of Samsung Account through an Implicit Intent hijacking vulnerability. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to a version that is at or later than SMR Jun-2022 Release 1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Settings versions prior to SMR Jun-2022 Release 1 **Description** The issue allows attackers to obtain Wi-Fi SSID and password through a malicious QR code scanner by exploiting an Implicit Intent hijacking vulnerability in Settings. **Recommendations** For versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** aviextractor library versions prior to SMR May-2022 Release 1 **Description** The issue is related to improper buffer size check logic, which allows for out of bounds read. This can lead to a possible temporary denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to SMR May-2022 Release 1, update to SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider implementing additional buffer size check logic to prevent out of bounds reads.

**Name of the Vulnerable Software and Affected Versions** wmfextractor library versions prior to SMR May-2022 Release 1 **Description** The issue is caused by improper buffer size check logic in the wmfextractor library, allowing out of bounds read. This can lead to a possible temporary denial of service. The patch for this issue adds buffer size check logic to prevent such occurrences. **Recommendations** For versions prior to SMR May-2022 Release 1, update to the SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wmfextractor library until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** libsapeextractor library versions prior to SMR Apr-2022 Release 1 **Description** The issue is related to an improper size check in the `sapefd parse meta HEADER old` function, which allows for an out of bounds read. This can be triggered by a crafted media file. **Recommendations** For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `sapefd parse meta HEADER old` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Storage Manager and Storage Manager Service versions prior to SMR Apr-2022 Release 1 **Description** The issue is related to improper access control and path traversal, allowing local attackers to access arbitrary system files without proper permission. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to SMR Apr-2022 Release 1, update to the SMR Apr-2022 Release 1 or later to add proper validation logic and prevent arbitrary file access.

**Name of the Vulnerable Software and Affected Versions** libsapeextractor library versions prior to SMR Apr-2022 Release 1 **Description** The issue is related to an improper size check in the `sapefd parse meta HEADER` function, which allows for an out of bounds read. This can be triggered by a crafted media file. **Recommendations** For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `sapefd parse meta HEADER` function until a patch is available. Avoid using the libsapeextractor library with untrusted media files until the issue is resolved.