CVEs-PoC/2019/CVE-2019-2255.md

### [CVE-2019-2255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2255)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Compute%2C%20Snapdragon%20Connectivity%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Voice%20%26%20Music%2C%20Snapdragon%20Wearables&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=MDM9650%2C%20MSM8909W%2C%20MSM8996AU%2C%20QCS605%2C%20Qualcomm%20215%2C%20SD%20210%2FSD%20212%2FSD%20205%2C%20SD%20425%2C%20SD%20427%2C%20SD%20430%2C%20SD%20435%2C%20SD%20439%20%2F%20SD%20429%2C%20SD%20450%2C%20SD%20625%2C%20SD%20632%2C%20SD%20636%2C%20SD%20675%2C%20SD%20712%20%2F%20SD%20710%20%2F%20SD%20670%2C%20SD%20820%2C%20SD%20820A%2C%20SD%20835%2C%20SD%20845%20%2F%20SD%20850%2C%20SD%20855%2C%20SD%208CX%2C%20SDA660%2C%20SDM439%2C%20SDM630%2C%20SDM660%2C%20Snapdragon_High_Med_2016%2C%20SXR1130%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Classic%20Buffer%20Overflow%20while%20Playing%20Crafted%20H264%20Video%20Clip&color=brightgreen)

### Description

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins

#### Github
No PoCs found on GitHub currently.