CVE-2022-25676

6.8MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor: CVE Published:; 15 November 2022

Summary

Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables AQT1000

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables QAM8295P

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables QCA6390

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Feb 22, 2022