QUALCOMM Incorporated Information for VU#790839

Objective Systems ASN1C generates code that contains a heap overflow vulnerability

Status

Not Affected

Vendor Statement

"We have determined that the products designed by Qualcomm Technologies Inc. (QTI) to interface with the Objective Systems ASN.1 module at issue properly implemented size checks. Thus, the integer overflow vulnerability that can further lead to a heap-based buffer overflow is mitigated and we believe is not exploitable through QTI's implementations."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

While Qualcomm uses the vulnerable module in their cellular protocol software, current analysis suggests they are not impacted by this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.