Invalid Memory Access in VP9 Decoding Hardware

CVE-2017-11076

9.8CRITICAL

Key Information

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 26 November 2024

Summary

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Affected Version(s)

Snapdragon = MSM8909W

Snapdragon = MSM8996AU

Snapdragon = SD 210/SD 212/SD 205

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 8.8 - (HIGH)
Nov 26, 2024
Vulnerability published.
Nov 26, 2024
Vulnerability Reserved.
Jul 7, 2017

Collectors

NVD DatabaseMitre Database