CVE-2019-10591

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Description A null pointer dereference issue can occur when parsing a non-standard udta atom with an invalid depth. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables.

Recommendations For each of the affected Qualcomm Snapdragon versions, apply the necessary patches or updates to resolve the null pointer dereference issue when parsing non-standard udta atoms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.