QUALCOMM Incorporated Information for VU#790839
Objective Systems ASN1C generates code that contains a heap overflow vulnerability
- Vendor Information Help Date Notified: 20 Jun 2016
- Statement Date: 21 Jul 2016
- Date Updated: 22 Aug 2016
"We have determined that the products designed by Qualcomm Technologies Inc. (QTI) to interface with the Objective Systems ASN.1 module at issue properly implemented size checks. Thus, the integer overflow vulnerability that can further lead to a heap-based buffer overflow is mitigated and we believe is not exploitable through QTI's implementations."
We are not aware of further vendor information regarding this vulnerability.
While Qualcomm uses the vulnerable module in their cellular protocol software, current analysis suggests they are not impacted by this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.