CVE-2025-21006

Description

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Samsung Mobile / libsavsvc.soAndroid 15 – Android 15

References

MISChttps://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=07