Qualcomm ≫ Sw5100 Firmware

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption due to double free in core while initializing the encryption key.

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.