CVE-2017-18278

CVE Database · CVE-2017-18278

CVE-2017-18278

· N/AModified

CVSS v3.1

N/A

EPSS

0.24%

Published

May 6, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

Weaknesses (CWE)

CWE-191

Affected Products (34)

qualcomm · mdm9206_firmwarevulnerable

qualcomm · mdm9206

qualcomm · mdm9607_firmwarevulnerable

qualcomm · mdm9607

qualcomm · mdm9650_firmwarevulnerable

qualcomm · mdm9650

qualcomm · sd_210_firmwarevulnerable

qualcomm · sd_210

qualcomm · sd_212_firmwarevulnerable

qualcomm · sd_212

qualcomm · sd_205_firmwarevulnerable

· sd_205

References (2)

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs