Vulnerabilities > Qualcomm > SD 625 Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-10-23 CVE-2017-18170 Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products
Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
low complexity
qualcomm CWE-191
8.8
2018-07-12 CVE-2017-18155 Improper Input Validation vulnerability in Qualcomm products
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.
local
low complexity
qualcomm CWE-20
7.8
2018-07-06 CVE-2018-5894 Improper Validation of Array Index vulnerability in Qualcomm products
Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
network
low complexity
qualcomm CWE-129
6.5
2018-07-06 CVE-2018-5892 Information Exposure vulnerability in Qualcomm products
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-200
7.5
2018-07-06 CVE-2018-5891 Use After Free vulnerability in Qualcomm products
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available.
local
low complexity
qualcomm CWE-416
8.4
2018-07-06 CVE-2018-5885 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
critical
9.8
2018-07-06 CVE-2018-5884 Improper Privilege Management vulnerability in Qualcomm products
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.
local
low complexity
qualcomm CWE-269
8.4
2018-07-06 CVE-2018-5882 Out-of-bounds Read vulnerability in Qualcomm products
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-125
critical
9.8
2018-07-06 CVE-2018-5878 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
critical
9.8
2018-07-06 CVE-2018-5876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
8.8