1. CVE-Search
  2. CVE-2019-2281
ID CVE-2019-2281
Summary An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX24, SXR1130
References
Vulnerable Configurations
  • cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_665:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_730:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://www.qualcomm.com/company/product-security/bulletins
Last major update 24-08-2020 - 17:37
Published 25-07-2019 - 17:15
Last modified 24-08-2020 - 17:37
Back to Top