ID

VAR-202001-1473


CVE

CVE-2019-10578


TITLE

plural Snapdragon In products NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014201

DESCRIPTION

Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon Products include NULL A vulnerability exists in pointer dereferencing.Denial of service (DoS) May be in a state. Qualcomm MDM9206, etc. are all products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. Video in many Qualcomm products has an input verification error vulnerability. A remote attacker can use a specially crafted clip file to exploit the vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-10578 // JVNDB: JVNDB-2019-014201 // CNVD: CNVD-2020-41777

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41777

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8009scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9207cscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8017scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8053scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8096auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8098scope: - version: -

Trust: 1.4

vendor:qualcommmodel:msm8909scope: - version: -

Trust: 1.4

vendor:qualcommmodel:apq8064scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9207cscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8939scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8917scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8920scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8940scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm632scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr1130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm7150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:660

Trust: 0.6

vendor:qualcommmodel:nicobarscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdascope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdm670scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm429wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8917scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8920scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8937scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8940scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8953scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm450scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8998scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qm215scope: - version: -

Trust: 0.6

vendor:qualcommmodel:rennellscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm710scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm845scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm6150scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sm8250scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sxr2130scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8939scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // NVD: CVE-2019-10578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10578
value: HIGH

Trust: 1.0

NVD: CVE-2019-10578
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-41777
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-203
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-10578
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-41777
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10578
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10578
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2019-014201 // NVD: CVE-2019-10578

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-203

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014201

PATCH

title:January 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin

Trust: 0.8

title:Patch for Multiple Qualcomm products input verification error vulnerability (CNVD-2020-41777)url:https://www.cnvd.org.cn/patchInfo/show/226751

Trust: 0.6

title:Multiple Qualcomm Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108332

Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203

EXTERNAL IDS

db:NVDid:CVE-2019-10578

Trust: 3.0

db:JVNDBid:JVNDB-2019-014201

Trust: 0.8

db:CNVDid:CNVD-2020-41777

Trust: 0.6

db:CNNVDid:CNNVD-202001-203

Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10578

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10578

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2020-31267

Trust: 0.6

sources: CNVD: CNVD-2020-41777 // JVNDB: JVNDB-2019-014201 // CNNVD: CNNVD-202001-203 // NVD: CVE-2019-10578

SOURCES

db:CNVDid:CNVD-2020-41777
db:JVNDBid:JVNDB-2019-014201
db:CNNVDid:CNNVD-202001-203
db:NVDid:CVE-2019-10578

LAST UPDATE DATE

2024-08-14T15:17:45.133000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-41777date:2020-07-23T00:00:00
db:JVNDBid:JVNDB-2019-014201date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-203date:2020-05-15T00:00:00
db:NVDid:CVE-2019-10578date:2020-01-23T19:35:39.100

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-41777date:2020-07-23T00:00:00
db:JVNDBid:JVNDB-2019-014201date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-203date:2020-01-07T00:00:00
db:NVDid:CVE-2019-10578date:2020-01-21T07:15:11.540