First published: Mon Nov 04 2019(Updated: )
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm APQ8009W Firmware | ||
Qualcomm APQ8009W | ||
Qualcomm APQ8017 | ||
Qualcomm APQ8017 | ||
qualcomm apq8053-ac firmware | ||
Qualcomm APQ8053 Firmware | ||
Qualcomm APQ8064 AU Firmware | ||
Qualcomm APQ8064 AU Firmware | ||
Qualcomm APQ8096AU Firmware | ||
Qualcomm APQ8096AU Firmware | ||
qualcomm APQ8098 | ||
Qualcomm 8098 | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9206 firmware | ||
qualcomm MDM9207C firmware | ||
Qualcomm 9207 LTE Modem | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
Qualcomm 8905 Firmware | ||
Qualcomm 8905 | ||
Qualcomm MSM8909W | ||
Qualcomm MSM8909W | ||
Qualcomm MSM8909W | ||
Qualcomm Snapdragon 8909 | ||
Qualcomm MSM891 Firmware | ||
Qualcomm MSM891 Firmware | ||
Qualcomm MSM8939 | ||
Qualcomm MSM8939 | ||
Qualcomm 8953 Firmware | ||
Qualcomm MSM8953 Firmware | ||
Qualcomm 8996 Firmware | ||
Qualcomm Snapdragon 8996 | ||
qualcomm MSM8996AU firmware | ||
Qualcomm MSM8996AU Firmware | ||
Qualcomm Nicobar | ||
Qualcomm Nicobar | ||
Qualcomm QCS405 Firmware | ||
Qualcomm QCS405 Firmware | ||
Qualcomm ZZ QCS605 firmware | ||
Qualcomm QCS605 Firmware | ||
Qualcomm 215 Firmware | ||
Qualcomm 215 | ||
Qualcomm SDA660 | ||
Qualcomm SDA660 | ||
Qualcomm SD845 Firmware | ||
Qualcomm Snapdragon 845 | ||
Qualcomm SDM429W | ||
Qualcomm SD429 | ||
qualcomm SDM439 firmware | ||
Qualcomm SDM439 Firmware | ||
Qualcomm SD 450 Firmware | ||
Qualcomm Snapdragon 450 | ||
qualcomm SDM630 firmware | ||
qualcomm SDM630 | ||
Qualcomm SDM632 | ||
Qualcomm SDM632 | ||
Qualcomm SD 636 Firmware | ||
Qualcomm SDM636 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm SDX20 Firmware | ||
Qualcomm SDX20 Firmware | ||
qualcomm SM6150P firmware | ||
Qualcomm SM6150P | ||
qualcomm SM7150 firmware | ||
qualcomm SM7150 firmware | ||
Qualcomm SM8150P Firmware | ||
Qualcomm SM8150 Fusion | ||
Qualcomm SM8250 | ||
Qualcomm qsm8250 | ||
Qualcomm SXR1130 | ||
Qualcomm SXR1130 Firmware | ||
qualcomm SXR2130P firmware | ||
Qualcomm SXR2130 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-10559 is a vulnerability that allows accessing data buffer beyond the available data while parsing ogg clip, leading to null-pointer dereference and memory corruption.
CVE-2019-10559 affects Google Android, Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, and Snapdragon Vo.
CVE-2019-10559 has a severity rating of 9.8 (critical).
To fix CVE-2019-10559, it is recommended to apply the patches and updates provided by Qualcomm and Google.
You can find more information about CVE-2019-10559 on the Qualcomm Product Security Bulletins and the Android Security Bulletin websites.