What is CVE-2019-10541?

CVE-2019-10541 is a critical-severity vulnerability in Qualcomm Mdm9206, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2019-11-06.

How severe is CVE-2019-10541?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Qualcomm Mdm9206

CVE-2019-10541

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music…

Vulnerability class: Buffer Overflow

EPSS: 0.009 (55.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qualcomm Mdm9206
Qualcomm Mdm9206_firmware
Qualcomm Mdm9607
Qualcomm Mdm9607_firmware
Qualcomm Msm8909w
Qualcomm Msm8909w_firmware
Qualcomm Msm8996au
Qualcomm Msm8996au_firmware
Qualcomm Qca6574au
Qualcomm Qca6574au_firmware

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-908 — Use of Uninitialized Resource

References

product-security@qualcomm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2019-10541?: CVE-2019-10541 is a critical-severity vulnerability in Qualcomm Mdm9206, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2019-11-06.
How severe is CVE-2019-10541?: Critical severity. CVSS v3 base score is 9.8 out of 10.