CVE-2019-14057

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions APQ8009 through SM8250 Qualcomm Snapdragon Compute versions APQ8009 through SM8250 Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250 Qualcomm Snapdragon IoT versions APQ8009 through SM8250 Qualcomm Snapdragon Mobile versions APQ8009 through SM8250 Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250 Qualcomm Snapdragon Wearables versions APQ8009 through SM8250

Description: A buffer over-read issue occurs while parsing an mkv file due to the lack of a buffer size check before reading. This issue affects various Qualcomm Snapdragon products.

Recommendations: For Qualcomm Snapdragon Auto versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Compute versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Connectivity versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon IoT versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Mobile versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read. For Qualcomm Snapdragon Wearables versions APQ8009 through SM8250, update the codec parser to include a buffer size check before reading to prevent buffer over-read.