ID CVE-2018-5876
Type cve
Reporter cve@mitre.org
Modified 2018-09-05T15:15:00
Description
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
{"id": "CVE-2018-5876", "bulletinFamily": "NVD", "title": "CVE-2018-5876", "description": "While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.", "published": "2018-07-06T17:29:00", "modified": "2018-09-05T15:15:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5876", "reporter": "cve@mitre.org", "references": ["https://www.qualcomm.com/company/product-security/bulletins"], "cvelist": ["CVE-2018-5876"], "type": "cve", "lastseen": "2021-02-02T06:52:40", "edition": 4, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "android", "idList": ["ANDROID:CVE-2018-5876"]}], "modified": "2021-02-02T06:52:40", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-02-02T06:52:40", "rev": 2}, "vulnersScore": 4.5}, "cpe": ["cpe:/o:qualcomm:sd_210_firmware:-", "cpe:/o:qualcomm:sd_617_firmware:-", "cpe:/o:qualcomm:sd_616_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:sd_615_firmware:-", "cpe:/o:qualcomm:sd_820_firmware:-", "cpe:/o:qualcomm:sd_820a_firmware:-", "cpe:/o:qualcomm:sd_652_firmware:-", "cpe:/o:qualcomm:sd_625_firmware:-", "cpe:/o:qualcomm:sd_415_firmware:-", "cpe:/o:qualcomm:sd_835_firmware:-", "cpe:/o:qualcomm:sd_212_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd_450_firmware:-", "cpe:/o:qualcomm:sd_600_firmware:-", "cpe:/o:qualcomm:sd_425_firmware:-", "cpe:/o:qualcomm:sd_845_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:sd_430_firmware:-", "cpe:/o:qualcomm:mdm9650_firmware:-", "cpe:/o:qualcomm:sd_650_firmware:-", "cpe:/o:qualcomm:sd_205_firmware:-"], "affectedSoftware": [{"cpeName": "qualcomm:sd_650_firmware", "name": "qualcomm sd 650 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_615_firmware", "name": "qualcomm sd 615 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_450_firmware", "name": "qualcomm sd 450 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_425_firmware", "name": "qualcomm sd 425 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_835_firmware", "name": "qualcomm sd 835 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_820_firmware", "name": "qualcomm sd 820 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:msm8996au_firmware", "name": "qualcomm msm8996au firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_212_firmware", "name": "qualcomm sd 212 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_600_firmware", "name": "qualcomm sd 600 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_820a_firmware", "name": "qualcomm sd 820a firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_625_firmware", "name": "qualcomm sd 625 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_415_firmware", "name": "qualcomm sd 415 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_617_firmware", "name": "qualcomm sd 617 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9607_firmware", "name": "qualcomm mdm9607 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_652_firmware", "name": "qualcomm sd 652 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_845_firmware", "name": "qualcomm sd 845 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9206_firmware", "name": "qualcomm mdm9206 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9650_firmware", "name": "qualcomm mdm9650 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:msm8909w_firmware", "name": "qualcomm msm8909w firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_205_firmware", "name": "qualcomm sd 205 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_430_firmware", "name": "qualcomm sd 430 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_616_firmware", "name": "qualcomm sd 616 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_210_firmware", "name": "qualcomm sd 210 firmware", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sdx20_firmware", "name": "qualcomm sdx20 firmware", "operator": "eq", "version": "-"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "affectedConfiguration": [{"cpeName": "qualcomm:sd_652", "name": "qualcomm sd 652", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_205", "name": "qualcomm sd 205", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9650", "name": "qualcomm mdm9650", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_820", "name": "qualcomm sd 820", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_820a", "name": "qualcomm sd 820a", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_600", "name": "qualcomm sd 600", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9206", "name": "qualcomm mdm9206", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sdx20", "name": "qualcomm sdx20", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_845", "name": "qualcomm sd 845", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_415", "name": "qualcomm sd 415", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_650", "name": "qualcomm sd 650", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_616", "name": "qualcomm sd 616", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_617", "name": "qualcomm sd 617", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:mdm9607", "name": "qualcomm mdm9607", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_625", "name": "qualcomm sd 625", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_430", "name": "qualcomm sd 430", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:msm8996au", "name": "qualcomm msm8996au", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:msm8909w", "name": "qualcomm msm8909w", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_450", "name": "qualcomm sd 450", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_835", "name": "qualcomm sd 835", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_210", "name": "qualcomm sd 210", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_615", "name": "qualcomm sd 615", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_212", "name": "qualcomm sd 212", "operator": "eq", "version": "-"}, {"cpeName": "qualcomm:sd_425", "name": "qualcomm sd 425", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins"}]}
{"android": [{"lastseen": "2020-06-22T14:42:11", "bulletinFamily": "software", "cvelist": ["CVE-2018-5876"], "description": "While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.", "edition": 1, "modified": "2019-07-25T00:00:00", "published": "2018-07-01T00:00:00", "id": "ANDROID:CVE-2018-5876", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2018-5876.html", "title": "CVE-2018-5876", "type": "android", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
