CVE-2020-11184

high-risk

Published 2020-11-12

u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Do I need to act?

0.43% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Qcm4290 Firmware

Qcs4290 Firmware

Qm215 Firmware

Qsm8350 Firmware

Sa6145P Firmware

Sa6155 Firmware

Sa6155P Firmware

Sa8155 Firmware

Sa8155P Firmware

Sdx55 Firmware

Sdx55M Firmware

Sm4250 Firmware

Sm4250P Firmware

Sm6115 Firmware

Sm6115P Firmware

Sm6125 Firmware

Sm6250 Firmware

Sm6350 Firmware

Sm7125 Firmware

Sm7225 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2020-bullet...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 22/34 · High