Impact
The vulnerability is an out‑of‑bounds write in the Snapdragon camera driver triggered while parsing JPEG commands. The write occurs because the driver performs extra, unaccounted buffer writes during validation, leading to memory corruption. The primary impact is the potential for unpredictable behavior or a crash; the weakness corresponds to CWE‑787. No direct evidence of a remote code execution path is provided in the description, so the impact appears limited to integrity and availability of the affected device.
Affected Systems
This issue affects Qualcomm, Inc.'s Snapdragon platform. No specific model or firmware version details are listed; therefore all Snapdragon devices that include the affected camera driver are considered potentially vulnerable until the vendor publishes a fix.
Risk and Exploitability
The CVSS score is 5.3, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation to date. The likely attack vector involves local or privileged exploitation through camera usage, as the flaw is triggered during JPEG command processing. In the absence of further exploit details, the risk is considered moderate but could increase if an attacker can inject crafted JPEG data and has sufficient privileges to interact with the driver.
OpenCVE Enrichment