Impact
This vulnerability is a stack‑based buffer overflow caused when an output buffer is smaller than the input buffer during a data copying operation. The resulting memory corruption is described by CWE‑121 and can potentially allow an attacker to overwrite return addresses or control data on the stack, leading to arbitrary code execution within the vulnerable process.
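The copy pattern described above, shown next to a bounds-checked form. This is an added example, not Qualcomm code and not part of the original advisory; the buffer size, function names and sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_CAP 16 /* constructed size of the on-stack output buffer */
enum { COPY_BAD_ARG = -1, COPY_TOO_BIG = -2 }; /* hypothetical error codes */

static int sum_bytes(const uint8_t *p, size_t n)
{
    int sum = 0;
    for (size_t i = 0; i < n; i++) sum += p[i];
    return sum;
}

/* Unsafe pattern (CWE-121), shown for contrast and never called here: the
 * length comes from the input side only, so in_len > OUT_CAP writes past
 * `out` into neighbouring stack data. */
int process_unsafe(const uint8_t *in, size_t in_len)
{
    uint8_t out[OUT_CAP];
    memcpy(out, in, in_len); /* no check against sizeof(out) */
    return sum_bytes(out, in_len);
}

/* Hardened form: the destination capacity is checked before any byte is
 * written, and oversized input is rejected instead of silently truncated. */
int process_checked(const uint8_t *in, size_t in_len)
{
    uint8_t out[OUT_CAP];
    if (in == NULL) return COPY_BAD_ARG;
    if (in_len > sizeof(out)) return COPY_TOO_BIG;
    memcpy(out, in, in_len);
    return sum_bytes(out, in_len);
}

int main(void)
{
    uint8_t fits[4] = {1, 2, 3, 4}; /* constructed sample input */
    uint8_t oversized[64];          /* constructed, larger than OUT_CAP */
    memset(oversized, 0x41, sizeof(oversized));
    printf("fits      -> %d\n", process_checked(fits, sizeof(fits)));
    printf("oversized -> %d\n", process_checked(oversized, sizeof(oversized)));
    return 0;
}
```

Rejecting the oversized input outright, rather than truncating it, keeps a length mismatch visible to the caller as an error that can be logged.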
Affected Systems
Qualcomm Snapdragon products are affected. No specific firmware or software versions are listed, so the vulnerability may exist across all currently supported Snapdragon releases until further information is disclosed.
Risk and Exploitability
The CVSS score of 6.7 indicates medium severity with the potential for code execution. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that no widespread exploitation is currently observed. Attackers would likely need local access to the device or to exploit an API exposed by Qualcomm software. Without an official patch, the risk remains contingent on the presence of mitigations such as stack canaries and ASLR.
OpenCVE Enrichment