Vulnerability Note: VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files
Description: The Samsung May 2020 Android Security Update notes that "a possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution." Samsung identifies this vulnerability as SVE-2020-16747, more commonly known as CVE-2020-8899. Google Project Zero performed extensive fuzz testing on the Qmage (or Quram, or qmg) code Samsung added to the Android Skia library and identified more than 1500 unique crashing test cases. At least one of these memory corruption vulnerabilities can be exploited by sending a specially crafted MMS message to a vulnerable system. Samsung notes that versions O (8.X), P (9.0), and Q (10.0) are affected.