Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.
DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.