Vulnerability Details : CVE-2018-11285
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.
Products affected by CVE-2018-11285
- cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-11285
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-11285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-11285
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11285
-
https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components
Android Security Bulletin—September 2018 | Android Open Source ProjectThird Party Advisory
-
https://www.qualcomm.com/company/product-security/bulletins
Security Advisories | Product Security | QualcommVendor Advisory
Jump to