Vulnerabilities > CVE-2019-10627 - Incorrect Calculation of Buffer Size vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

qualcomm

CWE-131

critical

NVD

Published: 2019-11-21

Updated: 2022-04-12

Summary

Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2

Vulnerable Configurations

Part	Description	Count
Application	Qualcomm Qualcomm IPS *	1
OS	Hp HP D9L63A Firmware * HP D9L64A Firmware * HP T0G70A Firmware * HP J3P65A Firmware * HP J3P68A Firmware * HP J6U57A Firmware * HP J6U57B Firmware 001.1829A HP J9V80A Firmware 001.1829A HP J9V80B Firmware 001.1829A HP J6U55A Firmware 001.1829A HP J6U55D Firmware 001.1829A HP J6U51B Firmware * HP J9V82A Firmware 001.1829A HP J9V82D Firmware 001.1829A HP J9V78B Firmware * HP D3Q15A Firmware 001.1829A HP D3Q15B Firmware 001.1829A HP D3Q15D Firmware 001.1829A HP D3Q16A Firmware 001.1829A HP D3Q16D Firmware 001.1829A HP W2Z52B Firmware * HP D3Q19A Firmware 001.1829A HP D3Q19B Firmware * HP D3Q19D Firmware 001.1829A HP D3Q20A Firmware 001.1829A HP D3Q20B Firmware 001.1829A HP D3Q20C Firmware 001.1829A HP D3Q20D Firmware 001.1829A HP W2Z53B Firmware * HP 2Dr21D Firmware * HP D3Q17A Firmware 001.1829A HP D3Q17D Firmware 001.1829A HP K9Z74A Firmware * HP K9Z74D Firmware * HP D3Q21A Firmware 001.1829A HP D3Q21B Firmware * HP D3Q21C Firmware 001.1829A HP D3Q21D Firmware 001.1829A HP K9Z76A Firmware 001.1829A HP K9Z76B Firmware * HP K9Z76D Firmware 001.1829A	41
Hardware	Hp HP D9L63A - HP D9L64A - HP T0G70A - HP J3P65A - HP J3P68A - HP J6U57A - HP J6U57B - HP J9V80A - HP J9V80B - HP J6U55A - HP J6U55D - HP J6U51B - HP J9V82A - HP J9V82D - HP J9V78B - HP D3Q15A - HP D3Q15B - HP D3Q15D - HP D3Q16A - HP D3Q16D - HP W2Z52B - HP D3Q19A - HP D3Q19B - HP D3Q19D - HP D3Q20A - HP D3Q20B - HP D3Q20C - HP D3Q20D - HP W2Z53B - HP 2Dr21D - HP D3Q17A - HP D3Q17D - HP K9Z74A - HP K9Z74D - HP D3Q21A - HP D3Q21B - HP D3Q21C - HP D3Q21D - HP K9Z76A - HP K9Z76B - HP K9Z76D -	41

Common Weakness Enumeration (CWE)

CWE-131 - Incorrect Calculation of Buffer Size

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References