Lucene search

QualcommCVELIST:CVE-2023-43527

HistoryMay 06, 2024 - 2:32 p.m.

CVE-2023-43527 Buffer Over-read in Video

2024-05-0614:32:07

CWE-126

qualcomm

www.cve.org

buffer over-read

information disclosure

video parsing

dts header atom

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Information disclosure while parsing dts header atom in Video.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Auto",
      "Snapdragon Compute",
      "Snapdragon Consumer IOT",
      "Snapdragon Industrial IOT",
      "Snapdragon Mobile",
      "Snapdragon Wearables"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FastConnect 6800"
      },
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "QAM8295P"
      },
      {
        "status": "affected",
        "version": "QCA6391"
      },
      {
        "status": "affected",
        "version": "QCA6426"
      },
      {
        "status": "affected",
        "version": "QCA6436"
      },
      {
        "status": "affected",
        "version": "QCA6574AU"
      },
      {
        "status": "affected",
        "version": "QCA6696"
      },
      {
        "status": "affected",
        "version": "QCN9074"
      },
      {
        "status": "affected",
        "version": "QCS410"
      },
      {
        "status": "affected",
        "version": "QCS610"
      },
      {
        "status": "affected",
        "version": "Qualcomm Video Collaboration VC1 Platform"
      },
      {
        "status": "affected",
        "version": "Qualcomm Video Collaboration VC3 Platform"
      },
      {
        "status": "affected",
        "version": "SA6145P"
      },
      {
        "status": "affected",
        "version": "SA6150P"
      },
      {
        "status": "affected",
        "version": "SA6155P"
      },
      {
        "status": "affected",
        "version": "SA8145P"
      },
      {
        "status": "affected",
        "version": "SA8150P"
      },
      {
        "status": "affected",
        "version": "SA8155P"
      },
      {
        "status": "affected",
        "version": "SA8195P"
      },
      {
        "status": "affected",
        "version": "SA8295P"
      },
      {
        "status": "affected",
        "version": "SD660"
      },
      {
        "status": "affected",
        "version": "SD865 5G"
      },
      {
        "status": "affected",
        "version": "SDM429W"
      },
      {
        "status": "affected",
        "version": "Snapdragon 429 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 660 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8 Gen 1 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 865 5G Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
      },
      {
        "status": "affected",
        "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
      },
      {
        "status": "affected",
        "version": "Snapdragon W5+ Gen 1 Wearable Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon Wear 4100+ Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon X55 5G Modem-RF System"
      },
      {
        "status": "affected",
        "version": "Snapdragon XR2 5G Platform"
      },
      {
        "status": "affected",
        "version": "SW5100"
      },
      {
        "status": "affected",
        "version": "SW5100P"
      },
      {
        "status": "affected",
        "version": "SXR2130"
      },
      {
        "status": "affected",
        "version": "WCD9335"
      },
      {
        "status": "affected",
        "version": "WCD9341"
      },
      {
        "status": "affected",
        "version": "WCD9370"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WCN3610"
      },
      {
        "status": "affected",
        "version": "WCN3620"
      },
      {
        "status": "affected",
        "version": "WCN3660B"
      },
      {
        "status": "affected",
        "version": "WCN3680B"
      },
      {
        "status": "affected",
        "version": "WCN3950"
      },
      {
        "status": "affected",
        "version": "WCN3980"
      },
      {
        "status": "affected",
        "version": "WCN3988"
      },
      {
        "status": "affected",
        "version": "WCN3990"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      },
      {
        "status": "affected",
        "version": "WSA8815"
      },
      {
        "status": "affected",
        "version": "WSA8830"
      },
      {
        "status": "affected",
        "version": "WSA8835"
      }
    ]
  }
]

References

docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for CVELIST:CVE-2023-43527