Description
Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
Published: 2026-07-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the Snapdragon camera driver triggered while parsing JPEG commands. The write occurs because the driver performs extra, unaccounted buffer writes during validation, leading to memory corruption. The primary impact is the potential for unpredictable behavior or a crash; the weakness corresponds to CWE‑787. No direct evidence of a remote code execution path is provided in the description, so the impact appears limited to integrity and availability of the affected device.

Affected Systems

This issue affects Qualcomm, Inc.'s Snapdragon platform. No specific model or firmware version details are listed; therefore all Snapdragon devices that include the affected camera driver are considered potentially vulnerable until the vendor publishes a fix.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation to date. The likely attack vector involves local or privileged exploitation through camera usage, as the flaw is triggered during JPEG command processing. In the absence of further exploit details, the risk is considered moderate but could increase if an attacker can inject crafted JPEG data and has sufficient privileges to interact with the driver.

Generated by OpenCVE AI on July 7, 2026 at 10:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that Qualcomm has released a patch for the camera driver and apply it as soon as possible.
  • If a patch is not yet available, disable or restrict camera operation until the fix is deployed, or limit camera access to trusted applications only.
  • Continuously monitor device anomalous memory or driver behavior that could indicate exploitation attempts.

Generated by OpenCVE AI on July 7, 2026 at 10:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
Title Out-of-bounds Write in Camera Driver
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T13:10:54.219Z

Reserved: 2025-12-17T04:35:45.742Z

Link: CVE-2026-21368

cve-icon Vulnrichment

Updated: 2026-07-06T20:54:23.699Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T11:00:05Z

Weaknesses