CVE-2022-25653

6.8MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor: CVE Published:; 16 September 2022

Summary

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables APQ8053, AQT1000, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCM4290, QCM6490, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, Qualcomm215, SD 675, SD 8 Gen1 5G, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Feb 22, 2022