What is CVE-2017-18074?

CVE-2017-18074 is a vulnerability in Android devices running Qualcomm Snapdragon Mobile and Snapdragon Wear.

How severe is CVE-2017-18074?

CVE-2017-18074 has a severity rating of 9.8 (critical).

Which devices are affected by CVE-2017-18074?

Android devices running Qualcomm Snapdragon Mobile and Snapdragon Wear are affected by CVE-2017-18074.

How can I fix CVE-2017-18074?

To fix CVE-2017-18074, update your Android device to the security patch level 2018-04-05 or later.

Where can I find more information about CVE-2017-18074?

You can find more information about CVE-2017-18074 on the following references: [http://www.securityfocus.com/bid/103671](http://www.securityfocus.com/bid/103671), [https://source.android.com/security/bulletin/2018-04-01](https://source.android.com/security/bulletin/2018-04-01), [https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).

Vulnerability/
CVE-2017-18074

critical

CWE

2/4/2018

11/4/2018

16/9/2024

CVE-2017-18074: Input Validation

First published: Mon Apr 02 2018(Updated: )

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Qualcomm Mdm9607 Firmware
Qualcomm Mdm9607
Qualcomm Mdm9625 Firmware
Google Android
Google Android
Qualcomm Mdm9635m
Qualcomm Mdm9640 Firmware
Qualcomm Mdm9640
Qualcomm Mdm9645 Firmware
Qualcomm Mdm9645
Qualcomm Mdm9650 Firmware
Qualcomm Mdm9650
Qualcomm Mdm9655 Firmware
Qualcomm Mdm9655
Qualcomm Msm8909w Firmware
Qualcomm Msm8909w
Qualcomm Sd 210 Firmware
Qualcomm Sd 210
Qualcomm Sd 212 Firmware
Qualcomm Sd 212
Qualcomm Sd 205 Firmware
Qualcomm Sd 205
Qualcomm Sd 400 Firmware
Qualcomm Sd 400
Qualcomm Sd 410 Firmware
Qualcomm Sd 410
Qualcomm Sd 412 Firmware
Qualcomm Sd 412
Qualcomm Sd 425 Firmware
Qualcomm Sd 425
Qualcomm Sd 430 Firmware
Qualcomm Sd 430
Qualcomm Sd 615 Firmware
Qualcomm Sd 615
Qualcomm Sd 616 Firmware
Qualcomm Sd 616
Qualcomm Sd 415 Firmware
Qualcomm Sd 415
Google Android
Qualcomm Sd 808
Google Android
Qualcomm Sd 810
Qualcomm Sd 820 Firmware
Qualcomm Sd 820
Qualcomm Sd 835 Firmware
Qualcomm Sd 835
Google Android

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-18074?
CVE-2017-18074 is a vulnerability in Android devices running Qualcomm Snapdragon Mobile and Snapdragon Wear.
How severe is CVE-2017-18074?
CVE-2017-18074 has a severity rating of 9.8 (critical).
Which devices are affected by CVE-2017-18074?
Android devices running Qualcomm Snapdragon Mobile and Snapdragon Wear are affected by CVE-2017-18074.
How can I fix CVE-2017-18074?
To fix CVE-2017-18074, update your Android device to the security patch level 2018-04-05 or later.
Where can I find more information about CVE-2017-18074?
You can find more information about CVE-2017-18074 on the following references: [http://www.securityfocus.com/bid/103671](http://www.securityfocus.com/bid/103671), [https://source.android.com/security/bulletin/2018-04-01](https://source.android.com/security/bulletin/2018-04-01), [https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).