CVE-2023-28543

Summary

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonSD855affected
Qualcomm, Inc.SnapdragonSD845affected
Qualcomm, Inc.SnapdragonQCS605affected
Qualcomm, Inc.SnapdragonQCS405affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References