{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T22:27:44.576","vulnerabilities":[{"cve":{"id":"CVE-2020-8899","sourceIdentifier":"cve-coordination@google.com","published":"2020-05-06T17:15:14.087","lastModified":"2024-11-21T05:39:39.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747."},{"lang":"es","value":"Se presenta una vulnerabilidad de sobrescritura del búfer en la biblioteca Quram qmg del sistema operativo Android de Samsung versiones O(8.x), P(9.0) y Q(10.0). Un atacante no autenticado y no autorizado al enviar un MMS especialmente diseñado hacia un teléfono vulnerable puede desencadenar un desbordamiento del búfer en la región heap de la memoria en el códec de imagen de Quram conllevando a una ejecución de código remota (RCE) arbitraria sin ninguna interacción del usuario. El ID de Samsung es SVE-2020-16747."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*","matchCriteriaId":"B578E383-0D77-4AC7-9C81-3F0B8C18E033"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*","matchCriteriaId":"B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*","matchCriteriaId":"8DFAAD08-36DA-4C95-8200-C29FE5B6B854"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D558D965-FA70-4822-A770-419E73BA9ED3"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html","source":"cve-coordination@google.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002","source":"cve-coordination@google.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://security.samsungmobile.com/securityUpdate.smsb","source":"cve-coordination@google.com","tags":["Vendor Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/366027","source":"cve-coordination@google.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://packetstormsecurity.com/files/157620/Samsung-Android-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=2002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://security.samsungmobile.com/securityUpdate.smsb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/366027","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}