What is CVE-2019-2251?

CVE-2019-2251 is a vulnerability in Android and Qualcomm products that can cause a stack buffer overflow when loading a bitmap file from an unauthenticated source.

How severe is CVE-2019-2251?

CVE-2019-2251 has a severity rating of 7.8 out of 10, indicating it is critical.

How can I fix CVE-2019-2251?

To fix CVE-2019-2251, update to the latest version of Android and apply any available security patches from Qualcomm.

Where can I find more information about CVE-2019-2251?

You can find more information about CVE-2019-2251 in the Qualcomm October 2019 Security Bulletin and the Android Security Bulletin for October 2019.

Vulnerability/
CVE-2019-2251

high

7.8

CWE

787 119

7/10/2019

21/11/2019

26/8/2024

CVE-2019-2251: Buffer Overflow

First published: Mon Oct 07 2019(Updated: 8 months ago)

If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8016, APQ8096AU, APQ8098, MDM9205, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
Qualcomm APQ8016
Qualcomm APQ8016
Qualcomm APQ8096AU Firmware
Qualcomm APQ8096AU Firmware
Qualcomm 8098 Firmware
Qualcomm APQ8098
Qualcomm 9205 Firmware
Qualcomm 9205
qualcomm MSM8996AU firmware
Qualcomm MSM8996AU Firmware
Qualcomm MSM8998
Qualcomm 8998
Qualcomm Nicobar
Qualcomm Nicobar
Qualcomm QCS405 Firmware
Qualcomm QCS405 Firmware
Qualcomm QCS605
Qualcomm QCS605 Firmware
Qualcomm SA6155
Qualcomm SA6155P
qualcomm SC8180X firmware
Qualcomm SC8180X
Qualcomm SDA660
Qualcomm SDA660
Qualcomm SD 845 Firmware
Qualcomm Snapdragon 845
Qualcomm SDM630
Qualcomm SDM630 Firmware
Qualcomm SD 636 Firmware
Qualcomm SDM636 Firmware
Qualcomm SD660 Firmware
Qualcomm Snapdragon 660
Qualcomm SD 670 Firmware
Qualcomm SDM670 Firmware
Qualcomm SD 710 Firmware
Qualcomm Snapdragon 710
Qualcomm SDA/SDM845 Firmware
Qualcomm Snapdragon 845
Qualcomm Snapdragon 850 Firmware
Qualcomm SD850
Qualcomm SDX24
Qualcomm SDX24
Qualcomm SM6150P firmware
Qualcomm SM6150P
qualcomm SM7150P firmware
qualcomm SM7150 firmware
Qualcomm SM8150P Firmware
Qualcomm SM8150 Fusion
Qualcomm SM8250
qualcomm SM8250 firmware
Qualcomm SXR1130
Qualcomm SXR1130 Firmware
Qualcomm SXR2130P Firmware
Qualcomm SXR2130 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-2251?
CVE-2019-2251 is a vulnerability in Android and Qualcomm products that can cause a stack buffer overflow when loading a bitmap file from an unauthenticated source.
How severe is CVE-2019-2251?
CVE-2019-2251 has a severity rating of 7.8 out of 10, indicating it is critical.
Which products are affected by CVE-2019-2251?
Android and various Qualcomm products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IoT, Snapdragon Industrial, and more.
How can I fix CVE-2019-2251?
To fix CVE-2019-2251, update to the latest version of Android and apply any available security patches from Qualcomm.
Where can I find more information about CVE-2019-2251?
You can find more information about CVE-2019-2251 in the Qualcomm October 2019 Security Bulletin and the Android Security Bulletin for October 2019.

agent/type
agent/first-publish-date
agent/severity
agent/weakness
agent/references
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
collector/android-source
source/Android
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/google
canonical/android
vendor/qualcomm
canonical/qualcomm apq8016
canonical/qualcomm apq8096au firmware
canonical/qualcomm 8098 firmware
canonical/qualcomm apq8098
canonical/qualcomm 9205 firmware
canonical/qualcomm 9205
canonical/qualcomm msm8996au firmware
canonical/qualcomm msm8998
canonical/qualcomm 8998
canonical/qualcomm nicobar
canonical/qualcomm qcs405 firmware
canonical/qualcomm qcs605
canonical/qualcomm qcs605 firmware
canonical/qualcomm sa6155
canonical/qualcomm sa6155p
canonical/qualcomm sc8180x firmware
canonical/qualcomm sc8180x
canonical/qualcomm sda660
canonical/qualcomm sd 845 firmware
canonical/qualcomm snapdragon 845
canonical/qualcomm sdm630
canonical/qualcomm sdm630 firmware
canonical/qualcomm sd 636 firmware
canonical/qualcomm sdm636 firmware
canonical/qualcomm sd660 firmware
canonical/qualcomm snapdragon 660
canonical/qualcomm sd 670 firmware
canonical/qualcomm sdm670 firmware
canonical/qualcomm sd 710 firmware
canonical/qualcomm snapdragon 710
canonical/qualcomm sda/sdm845 firmware
canonical/qualcomm snapdragon 850 firmware
canonical/qualcomm sd850
canonical/qualcomm sdx24
canonical/qualcomm sm6150p firmware
canonical/qualcomm sm6150p
canonical/qualcomm sm7150p firmware
canonical/qualcomm sm7150 firmware
canonical/qualcomm sm8150p firmware
canonical/qualcomm sm8150 fusion
canonical/qualcomm sm8250
canonical/qualcomm sm8250 firmware
canonical/qualcomm sxr1130
canonical/qualcomm sxr1130 firmware
canonical/qualcomm sxr2130p firmware
canonical/qualcomm sxr2130 firmware

CVE-2019-2251: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-2251?

How severe is CVE-2019-2251?

Which products are affected by CVE-2019-2251?

How can I fix CVE-2019-2251?

Where can I find more information about CVE-2019-2251?

Company

Resources

Contact