V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2019-2253
CVE
Critical

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdrago…

CVSS
9.8
Critical
EPSS
0.01
p49
Published
2019-01-01
Updated
2019-01-01
Description

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

Tags · CWE
RCEPre-auth
CWE-125
CAPEC-540
Affected products
Mdm9150_firmwareMdm9206_firmwareMdm9607_firmwareMdm9650_firmwareMsm8909w_firmwareMsm8996au_firmwareQcs405_firmwareQcs605_firmwareQualcomm_215_firmwareSd_205_firmwareSd_210_firmwareSd_212_firmwareSd_415_firmwareSd_425_firmwareSd_427_firmwareSd_429_firmwareSd_430_firmwareSd_435_firmwareSd_439_firmwareSd_450_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.007 · p49
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
mdm9150_firmware*Tracked
mdm9206_firmware*Tracked
mdm9607_firmware*Tracked
mdm9650_firmware*Tracked
msm8909w_firmware*Tracked
msm8996au_firmware*Tracked
qcs405_firmware*Tracked
qcs605_firmware*Tracked
qualcomm_215_firmware*Tracked
sd_205_firmware*Tracked
sd_210_firmware*Tracked
sd_212_firmware*Tracked
sd_415_firmware*Tracked
sd_425_firmware*Tracked
sd_427_firmware*Tracked
sd_429_firmware*Tracked
sd_430_firmware*Tracked
sd_435_firmware*Tracked
sd_439_firmware*Tracked
sd_450_firmware*Tracked
Showing first 20 of 43
Source databases
CVE