CVE-2015-9127
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
18/04/2018
Last modified:
10/05/2018
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, and SD 810, possible null pointer dereference occurs due to failure of memory allocation when a large value is passed for buffer allocation in the Playready App.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page