Vulnerabilities ›

CVE-2025-47390

High

CWE-126 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 13, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory corruption while preprocessing IOCTL request in JPEG driver.

🤖 AI Executive Summary

A memory corruption vulnerability exists in the JPEG driver's IOCTL request preprocessing that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects systems using vulnerable versions of the JPEG driver with a CVSS score of 7.8.

📄 Description (Arabic)

ثغرة تسرب الذاكرة في مشغل JPEG تحدث أثناء معالجة طلبات IOCTL قد تؤدي إلى تنفيذ أكواد عشوائية أو إيقاف الخدمة. تؤثر الثغرة على الأنظمة التي تعتمد على معالجة الصور الرقمية والتطبيقات المتعلقة بـ JPEG.

🤖 ملخص تنفيذي (AI)

يوجد ثغرة تسرب الذاكرة في معالج طلبات IOCTL لمشغل JPEG قد تسمح للمهاجمين بتنفيذ أكواد عشوائية أو إيقاف الخدمة. تؤثر الثغرة على الأنظمة التي تستخدم إصدارات ضعيفة من مشغل JPEG.

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 05:20

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking healthcare telecom

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1499

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update the JPEG driver to the latest patched version immediately. Implement input validation and bounds checking for all IOCTL requests. Restrict IOCTL access to privileged users only. Monitor system logs for suspicious IOCTL calls and memory access patterns.

🔧 خطوات المعالجة (العربية)

قم بتحديث مشغل JPEG إلى أحدث إصدار مصحح فوراً. طبق التحقق من صحة المدخلات والتحقق من الحدود لجميع طلبات IOCTL. قيد الوصول إلى IOCTL للمستخدمين المميزين فقط. راقب سجلات النظام للكشف عن استدعاءات IOCTL المريبة وأنماط الوصول إلى الذاكرة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.2.1 A.3.1

🔵 SAMA CSF

ID.RA-1 PR.PT-2

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin....

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 29 entries

qualcomm:qcm5430_firmware:-

qualcomm:qcm6490_firmware:-

qualcomm:video_collaboration_vc3_platform_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-

qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-

qualcomm:wcd9370_firmware:-

qualcomm:wcd9375_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wsa8830_firmware:-

qualcomm:wsa8835_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:qca0000_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-126

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-126

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-47390

💬 Comments

Introduce Yourself

Sign In Required