Wiz
Vulnerability DatabaseCVE-2022-36846

CVE-2022-36846
NixOS vulnerability analysis and mitigation

Overview

A heap overflow vulnerability was identified in Samsung's decoding library for video thumbnails, tracked as CVE-2022-36846. The vulnerability affects Samsung mobile devices running Android OS versions Q(10) and R(11) with libsadapter, and S(12) and T(13) OS with libsthmbcadapter (Samsung Mobile).

Technical details

The vulnerability is classified as a heap overflow condition that could allow a local attacker to perform Out-Of-Bounds Write operations. The issue specifically affects the video thumbnail decoding functionality in Samsung's multimedia processing components (Samsung Mobile).

Impact

If successfully exploited, this vulnerability could allow local attackers to perform Out-Of-Bounds Write operations, potentially leading to memory corruption and arbitrary code execution within the context of the affected component (Samsung Mobile).

Mitigation and workarounds

Samsung addressed this vulnerability in their December 2022 Security Maintenance Release (SMR). The patch adds proper input validation logic and TOCTOU prevention code to prevent heap overflow conditions. Users are advised to update their devices to the latest available security patch (Samsung Mobile).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-14330CRITICAL9.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
NoYesDec 09, 2025
CVE-2025-14329HIGH8.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox_esr
NoYesDec 09, 2025
CVE-2025-14333HIGH8.1
  • NixOSNixOS
  • firefox-esr
NoYesDec 09, 2025
CVE-2025-14332HIGH7.3
  • NixOSNixOS
  • thunderbird
NoYesDec 09, 2025
CVE-2025-14331MEDIUM6.5
  • NixOSNixOS
  • firefox
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo