PT-2020-17667 · Qualcomm · Snapdragon Connectivity+7
Published
2020-06-22
·
Updated
2020-06-25
·
CVE-2020-3661
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon versions APQ8009 through SM8250
Description
A buffer overflow issue occurs when parsing an mp4 clip with corrupted sample atoms values that exceed the MAX UINT32 range due to a lack of validation checks in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.
Recommendations
For Qualcomm Snapdragon versions APQ8009 through SM8250, update to a version that includes the necessary validation checks to prevent buffer overflow when parsing mp4 clips.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables