CVE-2020-11140

2021-01-2109:41:13

qualcomm

www.cve.org

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8062, APQ8064AU, APQ8076, APQ8084, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, MDM8635M, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9330, MDM9625, MDM9625M, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8226, MSM8610, MSM8626, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8962, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8019, PM8110, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8226, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9635, PMD9645, PMD9655, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK800 ...[truncated*]"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin