{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34672", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2024-05-07T04:43:27.850Z", "datePublished": "2024-10-08T06:30:54.940Z", "dateUpdated": "2024-10-08T13:25:40.797Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20: Improper Input Validation"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "SamsungVideoPlayer", "versions": [{"status": "unaffected", "version": "7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2024-10-08T06:30:54.940Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T13:18:09.656531Z", "id": "CVE-2024-34672", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T13:25:40.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34672", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T13:18:09.656531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T13:25:28.473Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Samsung Mobile", "product": "SamsungVideoPlayer", "versions": [{"status": "unaffected", "version": "7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10"}], "descriptions": [{"lang": "en", "value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2024-10-08T06:30:54.940Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34672", "state": "PUBLISHED", "dateUpdated": "2024-10-08T13:25:40.797Z", "dateReserved": "2024-05-07T04:43:27.850Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2024-10-08T06:30:54.940Z", "assignerShortName": "SamsungMobile"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C149104-AD84-4B36-A76C-D60D3A2D4E32", "versionEndExcluding": "7.3.29.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "029F9473-A563-4200-8629-6C5E879C17F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C2DBC69-A152-4FEA-8309-91E4B931834C", "versionEndExcluding": "7.3.36.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7ADC106-A95F-44C1-A793-52D1B73E48FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "7105C7A2-36DA-4C5E-BE5F-9A252D8662A6", "versionEndExcluding": "7.3.41.230", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFFA6D62-DB0C-440B-9D44-F327B7569549", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en SamsungVideoPlayer anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes locales acceder a archivos de video de otros usuarios."}], "id": "CVE-2024-34672", "lastModified": "2026-01-08T19:46:26.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-08T07:15:05.880", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}