CVE-2022-25688

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Compute versions (affected versions not specified) Qualcomm Snapdragon Connectivity versions (affected versions not specified) Qualcomm Snapdragon Consumer IOT versions (affected versions not specified) Qualcomm Snapdragon Industrial IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Voice & Music versions (affected versions not specified) Qualcomm Snapdragon Wearables versions (affected versions not specified)

Description The issue is related to a buffer overflow in the video component of Qualcomm's embedded software when handling .ps video files. This can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.

Recommendations For Qualcomm Snapdragon Auto, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Compute, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Mobile, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for the buffer overflow issue. For Qualcomm Snapdragon Wearables, update to a version that includes the fix for the buffer overflow issue. As a temporary workaround, consider disabling the video component when handling .ps files until a patch is available. Restrict access to the video parsing functionality to minimize the risk of exploitation. Avoid using the vulnerable video component in the affected Snapdragon products until the issue is resolved.