CVE-2019-2281
HIGHQualcomm Snapdragon Firmware - Unauthenticated Remote Code Execution via Bitmap Image Loading
Title source: llmDescription
An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (20)
qualcomm/qcs405_firmware
qualcomm/qcs605_firmware
qualcomm/sd_636_firmware
qualcomm/sd_665_firmware
qualcomm/sd_670_firmware
qualcomm/sd_675_firmware
qualcomm/sd_710_firmware
qualcomm/sd_712_firmware
qualcomm/sd_730_firmware
qualcomm/sd_820_firmware
... and 10 more
Published
Jul 25, 2019
Tracked Since
Feb 18, 2026