9.3

CVE-2018-11285

EPSS 0.1%
Veröffentlicht 20.09.2018 13:29:01
Zuletzt bearbeitet 21.11.2024 03:43:03
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Sd210 Firmware Version-

Qualcomm ≫ Sd210 Version-

Qualcomm ≫ Sd212 Firmware Version-

Qualcomm ≫ Sd212 Version-

Qualcomm ≫ Sd205 Firmware Version-

Qualcomm ≫ Sd205 Version-

Qualcomm ≫ Sd425 Firmware Version-

Qualcomm ≫ Sd425 Version-

Qualcomm ≫ Sd427 Firmware Version-

Qualcomm ≫ Sd427 Version-

Qualcomm ≫ Sd430 Firmware Version-

Qualcomm ≫ Sd430 Version-

Qualcomm ≫ Sd435 Firmware Version-

Qualcomm ≫ Sd435 Version-

Qualcomm ≫ Sd450 Firmware Version-

Qualcomm ≫ Sd450 Version-

Qualcomm ≫ Sd615 Firmware Version-

Qualcomm ≫ Sd615 Version-

Qualcomm ≫ Sd616 Firmware Version-

Qualcomm ≫ Sd616 Version-

Qualcomm ≫ Sd415 Firmware Version-

Qualcomm ≫ Sd415 Version-

Qualcomm ≫ Sd625 Firmware Version-

Qualcomm ≫ Sd625 Version-

Qualcomm ≫ Sd650 Firmware Version-

Qualcomm ≫ Sd650 Version-

Qualcomm ≫ Sd625 Firmware Version-

Qualcomm ≫ Sd625 Version-

Qualcomm ≫ Sd810 Firmware Version-

Qualcomm ≫ Sd810 Version-

Qualcomm ≫ Sd820 Firmware Version-

Qualcomm ≫ Sd820 Version-

Qualcomm ≫ Sd820a Firmware Version-

Qualcomm ≫ Sd820a Version-

Qualcomm ≫ Sd835 Firmware Version-

Qualcomm ≫ Sd835 Version-

Qualcomm ≫ Sd845 Firmware Version-

Qualcomm ≫ Sd845 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdx20 Firmware Version-

Qualcomm ≫ Sdx20 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.255

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11285

EUVD