CVE-2025-20881

Name of the Vulnerable Software and Affected Versions libsthmbc.so versions prior to SMR Jan-2025 Release 1

Description The issue is an out-of-bounds write in accessing a buffer that stores decoded video frames. This allows local attackers to execute arbitrary code with privilege, but user interaction is required to trigger the vulnerability.

Recommendations For versions prior to SMR Jan-2025 Release 1, as a temporary workaround, consider restricting access to the libsthmbc.so library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.