CVE-2021-25386: 
NixOS vulnerability analysis and mitigation

An improper input validation vulnerability in sdfffdparsechunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. The vulnerability was assigned CVE-2021-25386 and was disclosed in June 2021. It affects Android versions 8.1 through 11.0 (NVD, Samsung Mobile).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and high impacts to confidentiality, integrity and availability. Samsung Mobile assigned a slightly lower CVSS score of 9.0 (CRITICAL) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) (NVD).

If exploited, this vulnerability allows attackers to execute arbitrary code on the mediaextractor process, potentially leading to complete compromise of the affected device's security. The high CVSS scores indicate severe potential impacts to system confidentiality, integrity, and availability (NVD).

The vulnerability was patched in Samsung's SMR MAY-2021 Release 1. Users should update their devices to this or a later security patch level to mitigate the risk (Samsung Mobile).