CVE-2019-10586

CRITICAL

Qualcomm Snapdragon - Buffer Overflow in Media Attribute Tag Handling

Title source: llm
STIX 2.1

Description

Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0090
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (50)
qualcomm/apq8009_firmware
qualcomm/apq8017_firmware
qualcomm/apq8053_firmware
qualcomm/apq8096au_firmware
qualcomm/apq8098_firmware
qualcomm/mdm9150_firmware
qualcomm/mdm9205_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9615_firmware
... and 40 more
Published Mar 05, 2020
Tracked Since Feb 18, 2026