CVE-2017-18278 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware)

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.
Source: NIST
CVE-2017-18278 (mdm9206_firmware, mdm9607_firmware, mdm9650_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware)

Leave a Reply

Your email address will not be published.