Critical severity9.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026

CVE-2014-9995

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Google/Androidllm-create
Range: <2018-04-05
Qualcomm/Snapdragon Mobilellm-fuzzy
Range: <2018-04-05
Qualcomm/Snapdragon Mobile SD 400 and SD 800llm-fuzzy
Range: <2018-04-05
Qualcomm, Inc./Snapdragon Mobilev5
Range: SD 400, SD 800

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/103671nvdThird Party AdvisoryVDB Entry
source.android.com/security/bulletin/2018-04-01nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000