In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00214.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Qualcomm, Inc. Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear affected
Version Status Constraints
MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 affected

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd427:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd435:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd615:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd616:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd415:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd810:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd820a:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd845:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm429:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm632:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Qualcomm Subscribe
Mdm9206 Subscribe
Mdm9206 Firmware Subscribe
Mdm9607 Subscribe
Mdm9607 Firmware Subscribe
Mdm9650 Subscribe
Mdm9650 Firmware Subscribe
Msm8909w Subscribe
Msm8909w Firmware Subscribe
Msm8996au Subscribe
Msm8996au Firmware Subscribe
Sd205 Subscribe
Sd205 Firmware Subscribe
Sd210 Subscribe
Sd210 Firmware Subscribe
Sd212 Subscribe
Sd212 Firmware Subscribe
Sd415 Subscribe
Sd415 Firmware Subscribe
Sd425 Subscribe
Sd425 Firmware Subscribe
Sd427 Subscribe
Sd427 Firmware Subscribe
Sd430 Subscribe
Sd430 Firmware Subscribe
Sd435 Subscribe
Sd435 Firmware Subscribe
Sd450 Subscribe
Sd450 Firmware Subscribe
Sd615 Subscribe
Sd615 Firmware Subscribe
Sd616 Subscribe
Sd616 Firmware Subscribe
Sd625 Subscribe
Sd625 Firmware Subscribe
Sd650 Subscribe
Sd650 Firmware Subscribe
Sd810 Subscribe
Sd810 Firmware Subscribe
Sd820 Subscribe
Sd820 Firmware Subscribe
Sd820a Subscribe
Sd820a Firmware Subscribe
Sd835 Subscribe
Sd835 Firmware Subscribe
Sd845 Subscribe
Sd845 Firmware Subscribe
Sda660 Subscribe
Sda660 Firmware Subscribe
Sdm429 Subscribe
Sdm429 Firmware Subscribe
Sdm439 Subscribe
Sdm439 Firmware Subscribe
Sdm630 Subscribe
Sdm630 Firmware Subscribe
Sdm632 Subscribe
Sdm632 Firmware Subscribe
Sdm636 Subscribe
Sdm636 Firmware Subscribe
Sdm660 Subscribe
Sdm660 Firmware Subscribe
Sdm710 Subscribe
Sdm710 Firmware Subscribe
Sdx20 Subscribe
Sdx20 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2018-3325 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components cve-icon cve-icon
https://www.qualcomm.com/company/product-security/bulletins cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2024-08-05T08:01:52.839Z

Reserved: 2018-05-18T00:00:00

Link: CVE-2018-11285

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-20T13:29:01.260

Modified: 2024-11-21T03:43:03.447

Link: CVE-2018-11285

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses