Vulnerabilities > Qualcomm > SD 617 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2017-18304 | Out-of-bounds Read vulnerability in multiple products Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 | 7.8 |
| 2018-10-23 | CVE-2017-18303 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. | 7.8 |
| 2018-10-23 | CVE-2017-18298 | NULL Pointer Dereference vulnerability in Qualcomm products Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . | 7.8 |
| 2018-10-23 | CVE-2017-18296 | Unspecified vulnerability in Qualcomm products Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. | 7.8 |
| 2018-10-23 | CVE-2017-18292 | Improper Input Validation vulnerability in Qualcomm products Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. | 5.5 |
| 2018-10-23 | CVE-2017-18172 | Integer Overflow or Wraparound vulnerability in Qualcomm products In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. | 7.8 |
| 2018-07-06 | CVE-2018-5894 | Improper Validation of Array Index vulnerability in Qualcomm products Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. | 6.5 |
| 2018-07-06 | CVE-2018-5882 | Out-of-bounds Read vulnerability in Qualcomm products While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 9.8 |
| 2018-07-06 | CVE-2018-5876 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 8.8 |
| 2018-07-06 | CVE-2018-5875 | Integer Overflow or Wraparound vulnerability in Qualcomm products While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 8.8 |