CVE-2019-14046

EPSS 0.03%
Published 07.02.2020 05:15:11
Last modified 21.11.2024 04:25:58
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdx24 Firmware Version-

Qualcomm ≫ Sdx24 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-14046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14046

EUVD