Samsung libsthmbc
cpe:2.3:o:samsung:samsung_mobile:*:*:*:*:*:*:*
- >= 12, <= 14
A high-severity out-of-bounds write vulnerability has been identified in the libsthmbc.so library on Samsung devices running Android 12, 13, or 14 that have not received the January 2025 Security Maintenance Release. It allows local attackers to execute arbitrary code with elevated privileges. The out-of-bounds write stems from improper handling of the buffer that stores decoded video frames. User interaction is required to trigger this vulnerability.
Exploitation of this vulnerability could lead to arbitrary code execution with elevated privileges on the affected device.
Users can update to the January 2025 Security Maintenance Release to address this vulnerability.