CVE-2024-34672

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:12.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:13.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*

cpe:2.3:o:samsung:android:14.0:*:*:*:*:*:*:*

History

08 Jan 2026, 19:46

Type	Values Removed	Values Added
First Time		Samsung android Samsung Samsung video Player
CPE		cpe:2.3:o:samsung:android:13.0:::::::* cpe:2.3:o:samsung:android:12.0:::::::* cpe:2.3:a:samsung:video_player:::::::: cpe:2.3:o:samsung:android:14.0:::::::*
References	~~() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10 -~~	() https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10 - Vendor Advisory
CWE		NVD-CWE-noinfo

10 Oct 2024, 12:56

Type	Values Removed	Values Added
Summary		(es) La validación de entrada incorrecta en SamsungVideoPlayer anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes locales acceder a archivos de video de otros usuarios.

08 Oct 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-08 07:15

Updated : 2026-01-08 19:46

NVD link : CVE-2024-34672

Mitre link : CVE-2024-34672

CVE.ORG link : CVE-2024-34672

JSON object : View

Products Affected

samsung

android
video_player

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-34672", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-10-08T07:15:05.880", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en SamsungVideoPlayer anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes locales acceder a archivos de video de otros usuarios."}], "lastModified": "2026-01-08T19:46:26.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C149104-AD84-4B36-A76C-D60D3A2D4E32", "versionEndExcluding": "7.3.29.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:12.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "029F9473-A563-4200-8629-6C5E879C17F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2DBC69-A152-4FEA-8309-91E4B931834C", "versionEndExcluding": "7.3.36.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7ADC106-A95F-44C1-A793-52D1B73E48FF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:video_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7105C7A2-36DA-4C5E-BE5F-9A252D8662A6", "versionEndExcluding": "7.3.41.230"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:14.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BFFA6D62-DB0C-440B-9D44-F327B7569549"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}