No statement is currently available from the vendor regarding this vulnerability.
Affected customers should contact Objective Systems to obtain a hotfix for ASN1C version 7.0.1.x. The vulnerability will be fully corrected when version 7.0.2 is released. Currently there is no estimated release date for version 7.0.2.
"We have determined that the products designed by Qualcomm Technologies Inc. (QTI) to interface with the Objective Systems ASN.1 module at issue properly implemented size checks. Thus, the integer overflow vulnerability that can further lead to a heap-based buffer overflow is mitigated and we believe is not exploitable through QTI's implementations."
We are not aware of further vendor information regarding this vulnerability.
While Qualcomm uses the vulnerable module in its cellular protocol software, current analysis suggests it is not impacted by this vulnerability.