CVE-2025-20891

Name of the Vulnerable Software and Affected Versions libsthmbc.so versions prior to SMR Jan-2025 Release 1

Description The issue is related to an out-of-bounds read in the decoding of malformed bitstreams of video thumbnails in libsthmbc.so. This allows local attackers to read arbitrary memory. User interaction is required for triggering this issue.

Recommendations For versions prior to SMR Jan-2025 Release 1, as a temporary workaround, consider restricting access to the vulnerable libsthmbc.so library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.