CVE-2019-14078

HIGH

Snapdragon Auto-SDM845 - Memory Corruption

Title source: llm

Description

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-131

Status published

Products (10)

qualcomm/apq8009_firmware

qualcomm/apq8098_firmware

qualcomm/msm8909_firmware

qualcomm/msm8998_firmware

qualcomm/sda660_firmware

qualcomm/sda845_firmware

qualcomm/sdm630_firmware

qualcomm/sdm636_firmware

qualcomm/sdm660_firmware

qualcomm/sdm845_firmware

Published Jun 02, 2020

Tracked Since Feb 18, 2026