CVE-2022-25686

CVE Database · CVE-2022-25686

CVE-2022-25686

· HIGHModified

CVSS v3.1

7.3

EPSS

0.31%

Published

Sep 16, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-120

Affected Products (214)

qualcomm · apq8017_firmwarevulnerable

qualcomm · apq8017

qualcomm · apq8053_firmwarevulnerable

qualcomm · apq8053

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · msm8917_firmwarevulnerable

qualcomm · msm8917

qualcomm · msm8953_firmwarevulnerable

qualcomm · msm8953

qualcomm · qca6390_firmwarevulnerable

· qca6390

References (2)

https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs