CVE-2024-34587: 
NixOS vulnerability analysis and mitigation

Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. The vulnerability (CVE-2024-34587) was discovered and reported on July 2, 2024, affecting Samsung Android devices running versions 12, 13, and 14 (Samsung Mobile).

The vulnerability exists in the librtp.so library's RTCP packet parsing functionality. It has been assigned a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) by Samsung Mobile, while NIST assigned a score of 6.8 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code with system privileges on affected devices. The impact is significant as it could lead to complete system compromise, though user interaction is required for the attack to succeed (CVE).

Samsung has addressed this vulnerability in the SMR Jul-2024 Release 1 security update. Users of affected devices should update their systems to this version or later to protect against this vulnerability (Samsung Mobile).