First published: Mon Nov 04 2019(Updated: )
Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Qualcomm Apq8009 | ||
Google Android | ||
Qualcomm Apq8017 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Apq8064 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Apq8098 | ||
Qualcomm Mdm9206 Firmware | ||
Qualcomm Mdm9206 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Mdm9607 | ||
Qualcomm Msm8905 Firmware | ||
Qualcomm Msm8905 | ||
Google Android | ||
Qualcomm Msm8909 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Msm891 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Msm8996 Firmware | ||
Google Android | ||
Google Android | ||
Qualcomm Msm8996au | ||
Google Android | ||
Qualcomm Nicobar | ||
Qualcomm Qcs405 Firmware | ||
Google Android | ||
Qualcomm Qcs605 Firmware | ||
Google Android | ||
Qualcomm Qm215 Firmware | ||
Qualcomm Qm215 | ||
Google Android | ||
Google Android | ||
Qualcomm Sda845 Firmware | ||
Qualcomm Sda845 | ||
Google Android | ||
Google Android | ||
Qualcomm Sdm439 Firmware | ||
Qualcomm Sdm439 | ||
Google Android | ||
Qualcomm SDM450 | ||
Qualcomm Sdm630 Firmware | ||
Qualcomm Sdm630 | ||
Qualcomm Sdm632 Firmware | ||
Qualcomm Sdm632 | ||
Google Android | ||
Qualcomm Sdm636 | ||
Qualcomm Sdm660 Firmware | ||
Qualcomm Sdm660 | ||
Google Android | ||
Qualcomm Sdx20 | ||
Google Android | ||
Qualcomm Sm6150 | ||
Google Android | ||
Google Android | ||
Qualcomm Sm8150 Firmware | ||
Qualcomm Sm8150 | ||
Qualcomm Sm8250 Firmware | ||
Qualcomm SM8250 | ||
Qualcomm Sxr1130 Firmware | ||
Qualcomm Sxr1130 | ||
Qualcomm Sxr2130 Firmware | ||
Qualcomm Sxr2130 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-10559 is a vulnerability that allows accessing data buffer beyond the available data while parsing ogg clip, leading to null-pointer dereference and memory corruption.
CVE-2019-10559 affects Google Android, Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, and Snapdragon Vo.
CVE-2019-10559 has a severity rating of 9.8 (critical).
To fix CVE-2019-10559, it is recommended to apply the patches and updates provided by Qualcomm and Google.
You can find more information about CVE-2019-10559 on the Qualcomm Product Security Bulletins and the Android Security Bulletin websites.