CVE-2019-10559

CRITICAL

Qualcomm Apq8009 Firmware - Out-of-Bounds Write

Title source: rule

Description

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/november-2019-bulletin

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125 CWE-476 CWE-787

Status published

Products (37)

qualcomm/apq8009_firmware

qualcomm/apq8017_firmware

qualcomm/apq8053_firmware

qualcomm/apq8064_firmware

qualcomm/apq8096au_firmware

qualcomm/apq8098_firmware

qualcomm/mdm9206_firmware

qualcomm/mdm9207c_firmware

qualcomm/mdm9607_firmware

qualcomm/msm8905_firmware

... and 27 more

Published Dec 12, 2019

Tracked Since Feb 18, 2026