CVE-2018-11285

Published: Sep 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

Affected (32)

Products: Qualcomm: Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware, Msm8909w Firmware, Msm8996au Firmware, Sd210 Firmware, Sd212 Firmware, Sd205 Firmware, Sd425 Firmware, Sd427 Firmware, Sd430 Firmware, Sd435 Firmware, Sd450 Firmware, Sd615 Firmware, Sd616 Firmware, Sd415 Firmware, Sd650 Firmware, Sd625 Firmware, Sd810 Firmware, Sd820 Firmware, Sd820a Firmware, Sd835 Firmware, Sd845 Firmware, Sda660 Firmware, Sdm429 Firmware, Sdm439 Firmware, Sdm630 Firmware, Sdm632 Firmware, Sdm636 Firmware, Sdm660 Firmware, Sdm710 Firmware, Sdx20 Firmware

32 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd210	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd212	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd205	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd425 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd425	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd427 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd427	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd430	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd435 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd435	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd450	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd615	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd616 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd616	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd415 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd415	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd650	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd625	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd810	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820a	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd835	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd845	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm439 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm439	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm632 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm632	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm636	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm710 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm710	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Source: product-security@qualcomm.com

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.