Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead…

An out of bound memory access can occur due to improper validation of number of frames being pa…

Memory corruption due to double free in Core while mapping HLOS address to the list.

Possible use after free due to improper handling of memory mapping of multiple processes simult…

Out of bound write while parsing SDP string due to missing check on null termination in Snapdra…

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snap…

Memory corruption while using alignments for memory allocation.

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination c…

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination c…

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination c…

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination c…

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer le…

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Sn…

Potential out of bound read exception when UE receives unusually large number of padding octets…

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is prov…

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size bef…

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data return…

u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to …

u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected numbe…

Out of bound memory read in Data modem while unpacking data due to lack of offset length check …

Possible heap overflow due to improper length check of domain while parsing the DNS response in…

Memory corruption while processing crafted SDES packets due to improper length check in sdes pa…

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe respons…

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE…

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can b…

Out of bound memory access while playing music playbacks with crafted vorbis content due to imp…

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE len…

Possible buffer overflow due to improper validation of device types during P2P search in Snapdr…

Buffer over-read can happen when the buffer length received from response handlers is more than…

A use after free can occur due to improper validation of P2P device address in PD Request frame…

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Aut…

Integer underflow can occur when the RTCP length is lesser than than the actual blocks present …

Possible buffer underflow due to lack of check for negative indices values when processing user…

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI …

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip i…

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdra…

Denial of service while processing RTCP packets containing multiple SDES reports due to memory …

Accepting AMSDU frames with mismatched destination and source address can lead to information d…

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto,…

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdr…