CVE-2019-14017

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Description: A heap buffer overflow can occur while parsing invalid MKV clips with non-standard and invalid Vorbis codec data. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables.

Recommendations: For all affected versions, consider applying a patch or update to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.