Details of VAR-202411-3254

ID

VAR-202411-3254

CVE

CVE-2017-11076

TITLE

Buffer error vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2017-015282

DESCRIPTION

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. MSM8909W firmware, MSM8996AU firmware, SD 210 Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2017-11076 // JVNDB: JVNDB-2017-015282

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sdm429	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 616	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 415	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 810	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 615	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 820a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 835	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sd 430	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-015282 // NVD: CVE-2017-11076

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2017-11076
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2017-015282
value:	CRITICAL
Trust: 0.8

product-security@qualcomm.com:	CVE-2017-11076
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2017-015282
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2017-015282 // NVD: CVE-2017-11076

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-823	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8
problemtype:	Using out-of-bounds pointer offsets (CWE-823) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2017-015282 // NVD: CVE-2017-11076

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11076	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-015282	Trust: 0.8

sources: JVNDB: JVNDB-2017-015282 // NVD: CVE-2017-11076

REFERENCES

url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11076	Trust: 0.8

sources: JVNDB: JVNDB-2017-015282 // NVD: CVE-2017-11076

SOURCES

db:	JVNDB	id:	JVNDB-2017-015282
db:	NVD	id:	CVE-2017-11076

LAST UPDATE DATE

2025-01-11T23:26:58.234000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2017-015282	date:	2025-01-10T07:28:00
db:	NVD	id:	CVE-2017-11076	date:	2025-01-09T21:02:48.820

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2017-015282	date:	2025-01-10T00:00:00
db:	NVD	id:	CVE-2017-11076	date:	2024-11-26T09:15:04.347