CVE-2019-14036: Out-of-bounds Read
First published: Mon Jan 06 2020(Updated: )
Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8064 AU Firmware | ||
| Qualcomm APQ8064 AU Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm IPQ4019 | ||
| Qualcomm IPQ4019 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| qualcomm ipq8074 firmware | ||
| Qualcomm IPQ8074A | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm MDM9615M Firmware | ||
| Qualcomm MDM9615 firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm MDM9640 Firmware | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm QCN7605 Firmware | ||
| Qualcomm QCN7605 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14036?
CVE-2019-14036 has been classified with a medium severity level due to potential buffer overflow issues.
How do I fix CVE-2019-14036?
Fixing CVE-2019-14036 involves updating the affected Qualcomm firmware to the latest version released by Qualcomm.
What products are affected by CVE-2019-14036?
CVE-2019-14036 affects various Qualcomm Snapdragon products including automotive, consumer electronics, IoT, and mobile devices.
What type of vulnerability is CVE-2019-14036?
CVE-2019-14036 is a buffer overflow vulnerability related to improper validation of array index values.
Can CVE-2019-14036 be exploited remotely?
Yes, CVE-2019-14036 can potentially be exploited remotely depending on the context of use in the affected devices.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8064 au firmware
- canonical/qualcomm apq8096au firmware
- canonical/qualcomm ipq4019
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq8064 firmware
- canonical/qualcomm ipq8074 firmware
- canonical/qualcomm ipq8074a
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9615m firmware
- canonical/qualcomm mdm9615 firmware
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm qcn7605 firmware