CVE-2014-9998: Buffer Overflow
First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9206 firmware | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm IPQ4019 | ||
| Qualcomm IPQ4019 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm MDM9635M firmware | ||
| Qualcomm MDM9635M firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm MDM9645 | ||
| Qualcomm MDM9645 | ||
| Qualcomm MDM9650 | ||
| Qualcomm MDM9650 firmware | ||
| Qualcomm QCA4531 | ||
| Qualcomm QCA4531 | ||
| Qualcomm QCA6174A Firmware | ||
| Qualcomm QCA6174A Firmware | ||
| Qualcomm SD210 Firmware | ||
| Qualcomm SD 210 Firmware | ||
| Qualcomm SD 212 | ||
| Qualcomm SD 212 Firmware | ||
| Qualcomm 205 Firmware | ||
| Qualcomm SD205 Firmware | ||
| Qualcomm QCA6574 Firmware | ||
| Qualcomm QCA6574AU | ||
| Qualcomm QCA6584 | ||
| Qualcomm QCA6584AU firmware | ||
| Qualcomm QCA6584AU Firmware | ||
| Qualcomm QCA6584AU firmware | ||
| Qualcomm SDR425 Firmware | ||
| Qualcomm Snapdragon 425 | ||
| Qualcomm QCA9377 Firmware | ||
| Qualcomm QCA9377 Firmware | ||
| Qualcomm QCA9378A Firmware | ||
| Qualcomm QCA9378 Firmware | ||
| Qualcomm QCA9379 | ||
| Qualcomm QCA9379 | ||
| Qualcomm QCA9558 Firmware | ||
| Qualcomm QCA9558 Firmware | ||
| Qualcomm QCA9880 | ||
| Qualcomm QCA9880 | ||
| Qualcomm QCA9886 Firmware | ||
| Qualcomm QCA9886 Firmware | ||
| Qualcomm SD 625 Firmware | ||
| Qualcomm Snapdragon 625 | ||
| Qualcomm QCA9980 Firmware | ||
| Qualcomm QCA9980 Firmware | ||
| Qualcomm SD 808 Firmware | ||
| Qualcomm Snapdragon 808 | ||
| Qualcomm Snapdragon 810 Firmware | ||
| Qualcomm Snapdragon 810 | ||
| Qualcomm SD820 Firmware | ||
| Qualcomm SD820 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9998?
The severity of CVE-2014-9998 is critical with a severity score of 9.8.
Which devices are affected by CVE-2014-9998?
Devices running Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, and QCA9886 firmware are affected by CVE-2014-9998.
How can I fix CVE-2014-9998?
You can fix CVE-2014-9998 by updating your Android device to a security patch level released on or after 2018-04-05.
What is the Common Weakness Enumeration (CWE) ID for CVE-2014-9998?
The CWE ID for CVE-2014-9998 is 119.
Where can I find more information about CVE-2014-9998?
You can find more information about CVE-2014-9998 at the following references: [1](http://www.securityfocus.com/bid/103671), [2](https://source.android.com/security/bulletin/2018-04-01), [3](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk)
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm ipq4019
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq8064 firmware
- canonical/qualcomm mdm9635m firmware
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9645
- canonical/qualcomm mdm9650
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm qca4531
- canonical/qualcomm qca6174a firmware
- canonical/qualcomm sd210 firmware
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm 205 firmware
- canonical/qualcomm sd205 firmware
- canonical/qualcomm qca6574 firmware
- canonical/qualcomm qca6574au
- canonical/qualcomm qca6584
- canonical/qualcomm qca6584au firmware
- canonical/qualcomm sdr425 firmware
- canonical/qualcomm snapdragon 425
- canonical/qualcomm qca9377 firmware
- canonical/qualcomm qca9378a firmware
- canonical/qualcomm qca9378 firmware
- canonical/qualcomm qca9379
- canonical/qualcomm qca9558 firmware
- canonical/qualcomm qca9880
- canonical/qualcomm qca9886 firmware
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm snapdragon 625
- canonical/qualcomm qca9980 firmware
- canonical/qualcomm sd 808 firmware
- canonical/qualcomm snapdragon 808
- canonical/qualcomm snapdragon 810 firmware
- canonical/qualcomm snapdragon 810
- canonical/qualcomm sd820 firmware
- canonical/qualcomm sdx20 firmware