{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-47390", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2025-05-06T08:33:16.274Z", "datePublished": "2026-04-06T15:33:41.722Z", "dateUpdated": "2026-04-07T03:55:58.985Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Compute", "Snapdragon Industrial IOT"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "Cologne"}, {"status": "affected", "version": "FastConnect 6700"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "QCM5430"}, {"status": "affected", "version": "QCM6490"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute"}, {"status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform"}, {"status": "affected", "version": "WCD9370"}, {"status": "affected", "version": "WCD9375"}, {"status": "affected", "version": "WCD9378C"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}, {"status": "affected", "version": "X2000077"}, {"status": "affected", "version": "X2000086"}, {"status": "affected", "version": "X2000090"}, {"status": "affected", "version": "X2000092"}, {"status": "affected", "version": "X2000094"}, {"status": "affected", "version": "XG101002"}, {"status": "affected", "version": "XG101032"}, {"status": "affected", "version": "XG101039"}]}], "descriptions": [{"lang": "en", "value": "Memory corruption while preprocessing IOCTL request in JPEG driver."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2026-04-06T15:33:41.722Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "title": "Buffer Over-read in Camera"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-47390"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T03:55:58.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T16:11:36.498479Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:22:20.412Z"}}], "cna": {"title": "Buffer Over-read in Camera", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "Cologne"}, {"status": "affected", "version": "FastConnect 6700"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "QCM5430"}, {"status": "affected", "version": "QCM6490"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute"}, {"status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform"}, {"status": "affected", "version": "WCD9370"}, {"status": "affected", "version": "WCD9375"}, {"status": "affected", "version": "WCD9378C"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}, {"status": "affected", "version": "X2000077"}, {"status": "affected", "version": "X2000086"}, {"status": "affected", "version": "X2000090"}, {"status": "affected", "version": "X2000092"}, {"status": "affected", "version": "X2000094"}, {"status": "affected", "version": "XG101002"}, {"status": "affected", "version": "XG101032"}, {"status": "affected", "version": "XG101039"}], "platforms": ["Snapdragon Compute", "Snapdragon Industrial IOT"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Memory corruption while preprocessing IOCTL request in JPEG driver."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2026-04-06T15:33:41.722Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47390", "state": "PUBLISHED", "dateUpdated": "2026-04-07T03:55:58.985Z", "dateReserved": "2025-05-06T08:33:16.274Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2026-04-06T15:33:41.722Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Memory corruption while preprocessing IOCTL request in JPEG driver."}], "id": "CVE-2025-47390", "lastModified": "2026-04-07T13:20:35.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "product-security@qualcomm.com", "type": "Primary"}]}, "published": "2026-04-06T16:16:27.777", "references": [{"source": "product-security@qualcomm.com", "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "product-security@qualcomm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Cologne"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "FastConnect 6700"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "FastConnect 6900"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "FastConnect 7800"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "QCA0000"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "QCM5430"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "QCM6490"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Qualcomm Video Collaboration VC3 Platform"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "SC8380XP"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Snapdragon 7c+ Gen 3 Compute"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Snapdragon 8cx Gen 3 Compute Platform"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9370"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9375"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9378C"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9380"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9385"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8830"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8835"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8840"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8845"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8845H"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000077"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000086"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000090"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000092"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000094"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101002"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101032"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101039"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Snapdragon", "source": "cna", "vendor": "Qualcomm, Inc."}, "product": "snapdragon", "vendor": "qualcomm"}], "analysis": {"en": {"generated_at": "2026-04-06T19:53:56.106350+00:00", "value": {"mitigation_remediation": ["Apply the Qualcomm firmware update referenced in the April 2026 security bulletin.", "Restrict camera IOCTL device access to trusted applications only.", "Verify that the JPEG driver no longer exhibits buffer over-read after the update."], "summary": {"action": "Apply Patch", "impact": "Potential Information Exposure"}, "threat_synthesis": {"affected_systems": "Qualcomm Snapdragon processors that incorporate the affected JPEG driver are impacted. All firmware releases containing that driver should be examined; no specific version numbers are listed.", "description_and_impact": "A buffer over-read flaw in the JPEG driver occurs while preprocessing an IOCTL request sent by camera hardware. This incorrect memory access can lead to memory corruption, permitting the reading of unintended data or causing a crash. The weakness is a classic buffer over-read as identified by CWE-126.", "risk_and_exploitability": "The flaw carries a high CVSS score of 7.8, indicating substantial severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a local interface, requiring an attacker to invoke the susceptible IOCTL command on the camera device, typically through device access granted to privileged or local applications."}}}}, "created": "2026-04-06T21:32:10.011007+00:00", "title": "JPEG Camera Driver Buffer Over-read Vulnerability", "updated": "2026-04-07T09:39:26.132252+00:00", "vendors": ["qualcomm", "qualcomm$PRODUCT$snapdragon"]}