CVE-2017-11076

Summary

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonMSM8909Waffected
Qualcomm, Inc.SnapdragonMSM8996AUaffected
Qualcomm, Inc.SnapdragonSD 210/SD 212/SD 205affected
Qualcomm, Inc.SnapdragonSD 425affected
Qualcomm, Inc.SnapdragonSD 427affected
Qualcomm, Inc.SnapdragonSD 430affected
Qualcomm, Inc.SnapdragonSD 435affected
Qualcomm, Inc.SnapdragonSD 450affected
Qualcomm, Inc.SnapdragonSD 615/16/SD 415affected
Qualcomm, Inc.SnapdragonSD 625affected
Qualcomm, Inc.SnapdragonSD 810affected
Qualcomm, Inc.SnapdragonSD 820affected
Qualcomm, Inc.SnapdragonSD 820Aaffected
Qualcomm, Inc.SnapdragonSD 835affected
Qualcomm, Inc.SnapdragonSD 845affected
Qualcomm, Inc.SnapdragonSDM429affected
Qualcomm, Inc.SnapdragonSDM439affected
Qualcomm, Inc.SnapdragonSDM630affected
Qualcomm, Inc.SnapdragonSDM632affected
Qualcomm, Inc.SnapdragonSDM636affected
Qualcomm, Inc.SnapdragonSDM660affected
Qualcomm, Inc.SnapdragonSDM710affected
Qualcomm, Inc.SnapdragonSnapdragon_High_Med_2016affected

Weaknesses

  • CWE-823: CWE-823 Use of Out-of-range Pointer Offset

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References