cve/2019/CVE-2019-2287.md

### [CVE-2019-2287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2287)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Compute%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Voice%20%26%20Music%2C%20Snapdragon%20Wearables&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=MDM9150%2C%20MDM9206%2C%20MDM9607%2C%20MDM9640%2C%20MDM9650%2C%20MSM8909W%2C%20MSM8996AU%2C%20QCA6574AU%2C%20QCS405%2C%20QCS605%2C%20Qualcomm%20215%2C%20SD%20210%2FSD%20212%2FSD%20205%2C%20SD%20425%2C%20SD%20427%2C%20SD%20430%2C%20SD%20435%2C%20SD%20439%20%2F%20SD%20429%2C%20SD%20450%2C%20SD%20625%2C%20SD%20632%2C%20SD%20636%2C%20SD%20665%2C%20SD%20675%2C%20SD%20712%20%2F%20SD%20710%20%2F%20SD%20670%2C%20SD%20730%2C%20SD%20820%2C%20SD%20820A%2C%20SD%20835%2C%20SD%20845%20%2F%20SD%20850%2C%20SD%20855%2C%20SDA660%2C%20SDM439%2C%20SDM630%2C%20SDM660%2C%20SDX20%2C%20SDX24%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Out-of-range%20Pointer%20Offset%20in%20Video&color=brightgreen)

### Description

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/seclab-ucr/Patchlocator
- https://github.com/zhangzhenghsy/Patchlocator