CVE-2017-17773

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Automobile versions MDM9206, MDM9607, MDM9650, SD 210, SD 212, SD 205, SD 400, SD 410, SD 412, SD 425, SD 430, SD 450, SD 600, SD 602A, SD 615, SD 616, SD 415, SD 617, SD 625, SD 650, SD 652, SD 800, SD 808, SD 810, SD 820, SD 820Am, SD 835, SD 845, MSM8909W Qualcomm Snapdragon Wearable versions MDM9206, MDM9607, MDM9650, SD 210, SD 212, SD 205, SD 400, SD 410, SD 412, SD 425, SD 430, SD 450, SD 600, SD 602A, SD 615, SD 616, SD 415, SD 617, SD 625, SD 650, SD 652, SD 800, SD 808, SD 810, SD 820, SD 820Am, SD 835, SD 845, MSM8909W Qualcomm Snapdragon Mobile versions MDM9206, MDM9607, MDM9650, SD 210, SD 212, SD 205, SD 400, SD 410, SD 412, SD 425, SD 430, SD 450, SD 600, SD 602A, SD 615, SD 616, SD 415, SD 617, SD 625, SD 650, SD 652, SD 800, SD 808, SD 810, SD 820, SD 820Am, SD 835, SD 845, MSM8909W

Description The issue is related to improper input validation in the video fmt mp4r process atom avc1() function, which can cause a potential buffer overflow. This is due to insufficient checking of input data, allowing an attacker to potentially cause a buffer overflow or execute arbitrary code.

Recommendations For Qualcomm Snapdragon Automobile, Snapdragon Wearable, and Snapdragon Mobile, consider disabling the video fmt mp4r process atom avc1() function until a patch is available to prevent potential buffer overflow exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.