CVE-2026-20973 — Out-of-bounds Read in Samsung Android

Severity

9.1CRITICALNVD

CNA5.3

EPSS

0.0%

top 94.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 9

Description

Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

▶NVDsamsung/android4 versions+3

CVEList

CVE-2026-20973: Out-of-bounds read in libimagecodec↗2026-01-09

▶

GHSA

GHSA-f5wv-cvx7-7x88: Out-of-bounds read in libimagecodec↗2026-01-09

▶

Wiz

CVE-2026-20973 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶