CVE-2019-2272
Last modified
CVE-2019-2272 is a vulnerability of currently unknown severity. Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
Buffer overflow can occur in display function due to lack of validation of header block size set by user. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9206 Firmware | All versions |
| Qualcomm | Mdm9607 Firmware | All versions |
| Qualcomm | Mdm9650 Firmware | All versions |
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Msm8996au Firmware | All versions |
| Qualcomm | Sd 210 Firmware | All versions |
| Qualcomm | Sd 212 Firmware | All versions |
| Qualcomm | Sd 205 Firmware | All versions |
| Qualcomm | Sd 425 Firmware | All versions |
| Qualcomm | Sd 427 Firmware | All versions |
| Qualcomm | Sd 430 Firmware | All versions |
| Qualcomm | Sd 435 Firmware | All versions |
| Qualcomm | Sd 450 Firmware | All versions |
| Qualcomm | Sd 615 Firmware | All versions |
| Qualcomm | Sd 616 Firmware | All versions |
| Qualcomm | Sd 415 Firmware | All versions |
| Qualcomm | Sd 625 Firmware | All versions |
| Qualcomm | Sd 636 Firmware | All versions |
| Qualcomm | Sd 650 Firmware | All versions |
| Qualcomm | Sd 652 Firmware | All versions |
| Qualcomm | Sd 712 Firmware | All versions |
| Qualcomm | Sd 710 Firmware | All versions |
| Qualcomm | Sd 670 Firmware | All versions |
| Qualcomm | Sd 820a Firmware | All versions |
| Qualcomm | Sd 845 Firmware | All versions |
| Qualcomm | Sd 850 Firmware | All versions |
| Qualcomm | Sdm660 Firmware | All versions |
| Qualcomm | Sdx20 Firmware | All versions |
References
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletinPatch, Third Party Advisory
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletinPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-2272?
How severe is CVE-2019-2272?
How do I fix CVE-2019-2272?
Are you affected by CVE-2019-2272?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST