CVE-2024-20854

Published: Apr 2, 2024Modified: Oct 10, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data.

Affected (3)

Products: Samsung: Camera

Samsung

1 product

Camera

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Camera	Before 12.1.0.31

Running on/with	Platform Versions
Google Android	Version 12.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Camera	Before 13.1.02.07

Running on/with	Platform Versions
Google Android	Version 13.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Camera	Before 14.0.01.06

Running on/with	Platform Versions
Google Android	Version 14.0

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=04

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.