Out-of-bounds read in Qualcomm products - CVE-2020-3688
Published: July 10, 2020 / Updated: March 3, 2021
Vulnerability identifier: #VU29651
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3688
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8098
APQ8096AU
APQ8053
APQ8017
Kamorta
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9607
MDM9207C
MDM9206
MSM8996
MSM8996AU
MSM8998
QM215
QCS605
QCS405
QCM2150
QCA6574AU
Nicobar
SXR1130
SDM710
SDM670
SDA660
Rennell
SM7150
SM6150
SXR2130
SM8250
SM8150
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
Saipan
SA6155P
APQ8009
APQ8098
APQ8096AU
APQ8053
APQ8017
Kamorta
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9607
MDM9207C
MDM9206
MSM8996
MSM8996AU
MSM8998
QM215
QCS605
QCS405
QCM2150
QCA6574AU
Nicobar
SXR1130
SDM710
SDM670
SDA660
Rennell
SM7150
SM6150
SXR2130
SM8250
SM8150
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
Saipan
SA6155P
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Video while parsing mp4 clip with corrupted sample atoms. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install updates from vendor's website.