9.8

CVE-2019-10559

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommApq8009 Firmware Version-
   QualcommApq8009 Version-
QualcommApq8017 Firmware Version-
   QualcommApq8017 Version-
QualcommApq8053 Firmware Version-
   QualcommApq8053 Version-
QualcommApq8064 Firmware Version-
   QualcommApq8064 Version-
QualcommApq8096au Firmware Version-
   QualcommApq8096au Version-
QualcommApq8098 Firmware Version-
   QualcommApq8098 Version-
QualcommMdm9206 Firmware Version-
   QualcommMdm9206 Version-
QualcommMdm9207c Firmware Version-
   QualcommMdm9207c Version-
QualcommMdm9607 Firmware Version-
   QualcommMdm9607 Version-
QualcommMsm8905 Firmware Version-
   QualcommMsm8905 Version-
QualcommMsm8909 Firmware Version-
   QualcommMsm8909 Version-
QualcommMsm8909w Firmware Version-
   QualcommMsm8909w Version-
QualcommMsm891 Firmware Version-
   QualcommMsm891 Version-
QualcommMsm8939 Firmware Version-
   QualcommMsm8939 Version-
QualcommMsm8953 Firmware Version-
   QualcommMsm8953 Version-
QualcommMsm8996 Firmware Version-
   QualcommMsm8996 Version-
QualcommMsm8996au Firmware Version-
   QualcommMsm8996au Version-
QualcommNicobar Firmware Version-
   QualcommNicobar Version-
QualcommQcs405 Firmware Version-
   QualcommQcs405 Version-
QualcommQcs605 Firmware Version-
   QualcommQcs605 Version-
QualcommQm215 Firmware Version-
   QualcommQm215 Version-
QualcommSda660 Firmware Version-
   QualcommSda660 Version-
QualcommSda845 Firmware Version-
   QualcommSda845 Version-
QualcommSdm429 Firmware Version-
   QualcommSdm429 Version-
QualcommSdm439 Firmware Version-
   QualcommSdm439 Version-
QualcommSdm450 Firmware Version-
   QualcommSdm450 Version-
QualcommSdm630 Firmware Version-
   QualcommSdm630 Version-
QualcommSdm632 Firmware Version-
   QualcommSdm632 Version-
QualcommSdm636 Firmware Version-
   QualcommSdm636 Version-
QualcommSdm660 Firmware Version-
   QualcommSdm660 Version-
QualcommSdx20 Firmware Version-
   QualcommSdx20 Version-
QualcommSm6150 Firmware Version-
   QualcommSm6150 Version-
QualcommSm7150 Firmware Version-
   QualcommSm7150 Version-
QualcommSm8150 Firmware Version-
   QualcommSm8150 Version-
QualcommSm8250 Firmware Version-
   QualcommSm8250 Version-
QualcommSxr1130 Firmware Version-
   QualcommSxr1130 Version-
QualcommSxr2130 Firmware Version-
   QualcommSxr2130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.517
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.