PT-2020-20359 · Quram, Samsung · Quram Qmg Library, Samsung Android

Mateusz Jurczyk (Google Project Zero) · Published 2020-05-06 · Updated 2024-05-21 · CVE-2020-8899

CVSS v4.0: 10.0 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions: Samsung Android OS versions O(8.x) through Q(10.0)
Description: A buffer overwrite vulnerability exists in the Quram qmg library, the Qmage image codec that Samsung ships inside its Android builds. A malformed Qmage (QM/QG) image causes a heap-based buffer overflow while the library decodes it. The codec is wired into the platform's image-decoding path, so any app that decodes an untrusted image through the standard Android APIs on an affected device reaches it; in particular the stock messaging app decodes incoming MMS attachments on receipt, which lets an unauthenticated remote attacker trigger the bug by sending a crafted MMS with no user interaction and achieve arbitrary remote code execution. The same malformed image delivered by email or a chat message reaches the codec as soon as the receiving app decodes it.
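To make the bug class concrete, the following is an added C example, not code from the Quram library or from Samsung: a toy decoder for an invented "TOY1" container whose heap pixel buffer is sized from one untrusted header field while the copy length is taken from another, next to a hardened version that checks every field against sane limits, against the other fields, and against the bytes actually received. The container layout, the function names, the TOY_MAX_DIM limit and the sample inputs are all assumptions made for this illustration.

```c
/* Added illustration of the bug class in this advisory, not code from the
 * Quram/Qmage library: a decoder that sizes a heap buffer from one untrusted
 * header field and copies according to another. The "TOY1" container format
 * and all names below are invented for this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MAGIC   "TOY1"
#define TOY_HDR_LEN 12        /* magic[4] | width u16 LE | height u16 LE | payload_len u32 LE */
#define TOY_MAX_DIM 4096      /* upper bound a real codec would enforce per dimension (assumed) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable: the pixel buffer is malloc(width*height) but the copy length is
 * payload_len, read from the same untrusted header. A file declaring
 * payload_len > width*height overwrites heap memory past the allocation
 * (and over-reads the input if payload_len exceeds what was received). */
int decode_vulnerable(const uint8_t *buf, size_t len, uint8_t **pixels, size_t *npix)
{
    if (len < TOY_HDR_LEN || memcmp(buf, TOY_MAGIC, 4) != 0) return -1;
    uint16_t w = rd16(buf + 4), h = rd16(buf + 6);
    uint32_t payload_len = rd32(buf + 8);
    uint8_t *out = malloc((size_t)w * h);
    if (out == NULL) return -1;
    memcpy(out, buf + TOY_HDR_LEN, payload_len);   /* BUG: unchecked length */
    *pixels = out;
    *npix = (size_t)w * h;
    return 0;
}

/* Hardened: every header field is validated before any allocation or copy. */
int decode_hardened(const uint8_t *buf, size_t len, uint8_t **pixels, size_t *npix)
{
    if (len < TOY_HDR_LEN || memcmp(buf, TOY_MAGIC, 4) != 0) return -1;
    uint16_t w = rd16(buf + 4), h = rd16(buf + 6);
    uint32_t payload_len = rd32(buf + 8);
    if (w == 0 || h == 0 || w > TOY_MAX_DIM || h > TOY_MAX_DIM) return -1;
    size_t need = (size_t)w * h;                       /* <= 2^24, cannot overflow size_t */
    if (payload_len != need) return -1;                /* fields must agree with each other */
    if (payload_len > len - TOY_HDR_LEN) return -1;    /* and with the bytes actually present */
    uint8_t *out = malloc(need);
    if (out == NULL) return -1;
    memcpy(out, buf + TOY_HDR_LEN, need);
    *pixels = out;
    *npix = need;
    return 0;
}

/* Bytes the vulnerable decoder would write past its allocation for this input
 * (0 if none, -1 if the header is rejected). Lets a test reason about the
 * overflow without executing it. */
long overflow_bytes(const uint8_t *buf, size_t len)
{
    if (len < TOY_HDR_LEN || memcmp(buf, TOY_MAGIC, 4) != 0) return -1;
    size_t alloc = (size_t)rd16(buf + 4) * rd16(buf + 6);
    uint32_t payload_len = rd32(buf + 8);
    return payload_len > alloc ? (long)(payload_len - alloc) : 0;
}

/* Builds a constructed sample: header with the given fields followed by
 * payload_bytes filler bytes. Returns total length, or 0 if it does not fit. */
size_t build_sample(uint8_t *dst, size_t cap, uint16_t w, uint16_t h,
                    uint32_t declared_len, size_t payload_bytes)
{
    if (cap < TOY_HDR_LEN + payload_bytes) return 0;
    memcpy(dst, TOY_MAGIC, 4);
    dst[4] = (uint8_t)w;  dst[5] = (uint8_t)(w >> 8);
    dst[6] = (uint8_t)h;  dst[7] = (uint8_t)(h >> 8);
    dst[8]  = (uint8_t)declared_len;         dst[9]  = (uint8_t)(declared_len >> 8);
    dst[10] = (uint8_t)(declared_len >> 16); dst[11] = (uint8_t)(declared_len >> 24);
    memset(dst + TOY_HDR_LEN, 0x41, payload_bytes);
    return TOY_HDR_LEN + payload_bytes;
}

int main(void)
{
    uint8_t benign[64], crafted[64];
    uint8_t *px; size_t n;
    size_t blen = build_sample(benign, sizeof benign, 4, 4, 16, 16);   /* consistent header */
    size_t clen = build_sample(crafted, sizeof crafted, 2, 2, 40, 40); /* alloc 4 bytes, copy 40 */

    if (decode_hardened(benign, blen, &px, &n) == 0) { printf("benign: %zu pixels\n", n); free(px); }
    printf("crafted rejected by hardened decoder: %d\n", decode_hardened(crafted, clen, &px, &n) == -1);
    printf("vulnerable decoder would write %ld bytes past the heap chunk\n", overflow_bytes(crafted, clen));
    /* Build with -fsanitize=address and uncomment to see the heap-buffer-overflow report: */
    /* decode_vulnerable(crafted, clen, &px, &n); */
    return 0;
}
```

The hardened version rejects the crafted input at the field-consistency check rather than at the copy, which is the property a codec fuzzer should be able to confirm: no header field is ever used as a length or an allocation size before it has been bounded by the others and by the input length.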
Recommendations: Samsung fixed this issue in its May 2020 Security Maintenance Release (SVE-2020-16747). Devices running O(8.x) through Q(10.0) should be updated to a firmware build that includes that SMR or a later one. The Qmage codec is part of the platform image-decoding path, not a user-configurable component, so "disabling QM/QG processing" is not an option available to end users and should not be relied on as a mitigation. Until the update is installed, reduce exposure by turning off automatic MMS retrieval in the messaging app and by treating unsolicited image attachments in MMS, email, and chat as untrusted, keeping in mind that the MMS path requires no interaction from the recipient, so user caution alone does not mitigate it.

Exploit

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-8899

Affected Products

Quram Qmg Library
Samsung Android