VYPR
Unrated severity · NVD Advisory · Published Apr 11, 2022 · Updated Aug 3, 2024

CVE-2022-26095

Description

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the libsimba library's parser_colr function allows an unauthenticated remote attacker to cause an out-of-bounds write on Samsung mobile devices with Android prior to the SMR Apr-2022 Release 1.

Vulnerability

The vulnerability resides in the parser_colr function of the libsimba library, which is used on Samsung mobile devices. A null pointer dereference occurs when processing specially crafted data, enabling an out-of-bounds write. Affected versions are those using libsimba prior to the Samsung Mobile Security (SMR) Apr-2022 Release 1 [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication. By delivering a maliciously crafted input to the parser_colr function, the null pointer dereference is triggered, leading to a write operation outside the intended memory bounds [1]. No user interaction is required if the attack vector is network-based.

Impact

Successful exploitation results in an out-of-bounds write, which can lead to memory corruption. The attacker may achieve arbitrary code execution or cause a denial of service. The impact is critical as it enables remote compromise of the device without privileges [1].

Mitigation

Samsung released the fix as part of the SMR Apr-2022 Release 1 security update for Android. Users should apply the update promptly via the device's software update mechanism [1]. No workarounds are described; updating is the only mitigation.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
