CVE-2020-3633: Out-of-bounds Read
First published: Mon May 04 2020(Updated: )
Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8009W Firmware | ||
| Qualcomm APQ8009W | ||
| qualcomm apq8053-ac firmware | ||
| Qualcomm APQ8053 Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| qualcomm APQ8098 | ||
| Qualcomm 8098 | ||
| Qualcomm Kamorta | ||
| qualcomm Kamorta firmware | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9206 firmware | ||
| qualcomm MDM9207C firmware | ||
| Qualcomm 9207 LTE Modem | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm 8905 Firmware | ||
| Qualcomm 8905 | ||
| Qualcomm MSM8909W | ||
| Qualcomm Snapdragon 8909 | ||
| Qualcomm MSM8917 | ||
| Qualcomm MSM8917 Firmware | ||
| Qualcomm 8953 Firmware | ||
| Qualcomm MSM8953 Firmware | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm MSM8998 | ||
| Qualcomm 8998 | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm ZZ QCS605 firmware | ||
| Qualcomm QCS605 Firmware | ||
| Qualcomm 215 Firmware | ||
| Qualcomm 215 | ||
| Qualcomm Rennell | ||
| qualcomm Rennell firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm SDA660 | ||
| Qualcomm SDA660 | ||
| Qualcomm SDM429W | ||
| Qualcomm SD429 | ||
| Qualcomm SDM429W | ||
| qualcomm SDM429W firmware | ||
| qualcomm SDM439 firmware | ||
| Qualcomm SDM439 Firmware | ||
| Qualcomm SD 450 Firmware | ||
| Qualcomm Snapdragon 450 | ||
| qualcomm SDM630 firmware | ||
| qualcomm SDM630 | ||
| Qualcomm SDM632 | ||
| Qualcomm SDM632 | ||
| Qualcomm SD 636 Firmware | ||
| Qualcomm SDM636 Firmware | ||
| Qualcomm SD660 Firmware | ||
| Qualcomm Snapdragon 660 | ||
| Qualcomm SD 670 Firmware | ||
| Qualcomm SDM670 Firmware | ||
| Qualcomm SD710 Firmware | ||
| Qualcomm Snapdragon 710 | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM7150 firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| Qualcomm qsm8250 | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3633?
CVE-2020-3633 has a high severity rating due to the potential for array out of bounds errors when processing MP3 files.
How do I fix CVE-2020-3633?
To fix CVE-2020-3633, update the firmware of the affected Qualcomm devices to the latest available version that addresses the vulnerability.
Which devices are affected by CVE-2020-3633?
CVE-2020-3633 affects a variety of Qualcomm Snapdragon products including those in mobile, industrial IoT, and automotive categories.
What type of vulnerability is CVE-2020-3633?
CVE-2020-3633 is an array out of bounds vulnerability found in the playback of MP3 files.
Can exploitation of CVE-2020-3633 lead to device compromise?
Yes, exploitation of CVE-2020-3633 could potentially allow an attacker to execute arbitrary code on affected devices.
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8009w firmware
- canonical/qualcomm apq8009w
- canonical/qualcomm apq8053-ac firmware
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm apq8096au firmware
- canonical/qualcomm apq8098
- canonical/qualcomm 8098
- canonical/qualcomm kamorta
- canonical/qualcomm kamorta firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9207c firmware
- canonical/qualcomm 9207 lte modem
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm 8905 firmware
- canonical/qualcomm 8905
- canonical/qualcomm msm8909w
- canonical/qualcomm snapdragon 8909
- canonical/qualcomm msm8917
- canonical/qualcomm msm8917 firmware
- canonical/qualcomm 8953 firmware
- canonical/qualcomm msm8953 firmware
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8998
- canonical/qualcomm 8998
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm zz qcs605 firmware
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm 215 firmware
- canonical/qualcomm 215
- canonical/qualcomm rennell
- canonical/qualcomm rennell firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm sda660
- canonical/qualcomm sdm429w
- canonical/qualcomm sd429
- canonical/qualcomm sdm429w firmware
- canonical/qualcomm sdm439 firmware
- canonical/qualcomm sd 450 firmware
- canonical/qualcomm snapdragon 450
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm632
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sdm636 firmware
- canonical/qualcomm sd660 firmware
- canonical/qualcomm snapdragon 660
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sd710 firmware
- canonical/qualcomm snapdragon 710
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm qsm8250
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130