CVE-2023-28537

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's audio processing module (COmxApeDec) due to integer overflow during memory allocation. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects Android devices using Qualcomm chipsets with vulnerable audio components.

💻 Affected Systems

Products:

• Android devices with Qualcomm chipsets

Versions: Multiple Qualcomm chipset versions (specifics in vendor advisory)

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Qualcomm's audio processing framework. Vulnerability is in the COmxApeDec module handling APE audio format.

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

View all CVEs affecting 315 5g Iot Modem Firmware →

8098 Firmware by Qualcomm

View all CVEs affecting 8098 Firmware →

8998 Firmware by Qualcomm

View all CVEs affecting 8998 Firmware →

Apq5053 Aa Firmware by Qualcomm

View all CVEs affecting Apq5053 Aa Firmware →

Apq8009 Firmware by Qualcomm

View all CVEs affecting Apq8009 Firmware →

Apq8017 Firmware by Qualcomm

View all CVEs affecting Apq8017 Firmware →

Apq8053 Aa Firmware by Qualcomm

View all CVEs affecting Apq8053 Aa Firmware →

Apq8053 Ac Firmware by Qualcomm

View all CVEs affecting Apq8053 Ac Firmware →

Aqt1000 Firmware by Qualcomm

View all CVEs affecting Aqt1000 Firmware →

Ar8031 Firmware by Qualcomm

View all CVEs affecting Ar8031 Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Csrb31024 Firmware by Qualcomm

View all CVEs affecting Csrb31024 Firmware →

Flight Rb5 5g Platform Firmware by Qualcomm

View all CVEs affecting Flight Rb5 5g Platform Firmware →

Mdm9628 Firmware by Qualcomm

View all CVEs affecting Mdm9628 Firmware →

Msm8108 Firmware by Qualcomm

View all CVEs affecting Msm8108 Firmware →

Msm8208 Firmware by Qualcomm

View all CVEs affecting Msm8208 Firmware →

Msm8209 Firmware by Qualcomm

View all CVEs affecting Msm8209 Firmware →

Msm8608 Firmware by Qualcomm

View all CVEs affecting Msm8608 Firmware →

Msm8917 Firmware by Qualcomm

View all CVEs affecting Msm8917 Firmware →

Msm8996au Firmware by Qualcomm

View all CVEs affecting Msm8996au Firmware →

Qam8295p Firmware by Qualcomm

View all CVEs affecting Qam8295p Firmware →

Qca4020 Firmware by Qualcomm

View all CVEs affecting Qca4020 Firmware →

Qca4024 Firmware by Qualcomm

View all CVEs affecting Qca4024 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6310 Firmware by Qualcomm

View all CVEs affecting Qca6310 Firmware →

Qca6320 Firmware by Qualcomm

View all CVEs affecting Qca6320 Firmware →

Qca6335 Firmware by Qualcomm

View all CVEs affecting Qca6335 Firmware →

Qca6390 Firmware by Qualcomm

View all CVEs affecting Qca6390 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6420 Firmware by Qualcomm

View all CVEs affecting Qca6420 Firmware →

Qca6421 Firmware by Qualcomm

View all CVEs affecting Qca6421 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6430 Firmware by Qualcomm

View all CVEs affecting Qca6430 Firmware →

Qca6431 Firmware by Qualcomm

View all CVEs affecting Qca6431 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6564 Firmware by Qualcomm

View all CVEs affecting Qca6564 Firmware →

Qca6564a Firmware by Qualcomm

View all CVEs affecting Qca6564a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595 Firmware by Qualcomm

View all CVEs affecting Qca6595 Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qca9379 Firmware by Qualcomm

View all CVEs affecting Qca9379 Firmware →

Qcm2290 Firmware by Qualcomm

View all CVEs affecting Qcm2290 Firmware →

Qcm4290 Firmware by Qualcomm

View all CVEs affecting Qcm4290 Firmware →

Qcm6125 Firmware by Qualcomm

View all CVEs affecting Qcm6125 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcn9011 Firmware by Qualcomm

View all CVEs affecting Qcn9011 Firmware →

Qcn9012 Firmware by Qualcomm

View all CVEs affecting Qcn9012 Firmware →

Qcn9074 Firmware by Qualcomm

View all CVEs affecting Qcn9074 Firmware →

Qcs2290 Firmware by Qualcomm

View all CVEs affecting Qcs2290 Firmware →

Qcs410 Firmware by Qualcomm

View all CVEs affecting Qcs410 Firmware →

Qcs4290 Firmware by Qualcomm

View all CVEs affecting Qcs4290 Firmware →

Qcs603 Firmware by Qualcomm

View all CVEs affecting Qcs603 Firmware →

Qcs605 Firmware by Qualcomm

View all CVEs affecting Qcs605 Firmware →

Qcs610 Firmware by Qualcomm

View all CVEs affecting Qcs610 Firmware →

Qcs6125 Firmware by Qualcomm

View all CVEs affecting Qcs6125 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qm215 Firmware by Qualcomm

View all CVEs affecting Qm215 Firmware →

Qrb5165 Firmware by Qualcomm

View all CVEs affecting Qrb5165 Firmware →

Qrb5165m Firmware by Qualcomm

View all CVEs affecting Qrb5165m Firmware →

Qrb5165n Firmware by Qualcomm

View all CVEs affecting Qrb5165n Firmware →

Qsm8250 Firmware by Qualcomm

View all CVEs affecting Qsm8250 Firmware →

S820a Firmware by Qualcomm

View all CVEs affecting S820a Firmware →

Sa4150p Firmware by Qualcomm

View all CVEs affecting Sa4150p Firmware →

Sa4155p Firmware by Qualcomm

View all CVEs affecting Sa4155p Firmware →

Sa6145p Firmware by Qualcomm

View all CVEs affecting Sa6145p Firmware →

Sa6150p Firmware by Qualcomm

View all CVEs affecting Sa6150p Firmware →

Sa6155 Firmware by Qualcomm

View all CVEs affecting Sa6155 Firmware →

Sa6155p Firmware by Qualcomm

View all CVEs affecting Sa6155p Firmware →

Sa8145p Firmware by Qualcomm

View all CVEs affecting Sa8145p Firmware →

Sa8150p Firmware by Qualcomm

View all CVEs affecting Sa8150p Firmware →

Sa8155 Firmware by Qualcomm

View all CVEs affecting Sa8155 Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sa8195p Firmware by Qualcomm

View all CVEs affecting Sa8195p Firmware →

Sa8295p Firmware by Qualcomm

View all CVEs affecting Sa8295p Firmware →

Sd 636 Firmware by Qualcomm

View all CVEs affecting Sd 636 Firmware →

Sd 675 Firmware by Qualcomm

View all CVEs affecting Sd 675 Firmware →

Sd 8 Gen1 5g Firmware by Qualcomm

View all CVEs affecting Sd 8 Gen1 5g Firmware →

Sd205 Firmware by Qualcomm

View all CVEs affecting Sd205 Firmware →

Sd210 Firmware by Qualcomm

View all CVEs affecting Sd210 Firmware →

Sd429 Firmware by Qualcomm

View all CVEs affecting Sd429 Firmware →

Sd439 Firmware by Qualcomm

View all CVEs affecting Sd439 Firmware →

Sd450 Firmware by Qualcomm

View all CVEs affecting Sd450 Firmware →

Sd460 Firmware by Qualcomm

View all CVEs affecting Sd460 Firmware →

Sd480 Firmware by Qualcomm

View all CVEs affecting Sd480 Firmware →

Sd625 Firmware by Qualcomm

View all CVEs affecting Sd625 Firmware →

Sd626 Firmware by Qualcomm

View all CVEs affecting Sd626 Firmware →

Sd632 Firmware by Qualcomm

View all CVEs affecting Sd632 Firmware →

Sd660 Firmware by Qualcomm

View all CVEs affecting Sd660 Firmware →

Sd662 Firmware by Qualcomm

View all CVEs affecting Sd662 Firmware →

Sd665 Firmware by Qualcomm

View all CVEs affecting Sd665 Firmware →

Sd670 Firmware by Qualcomm

View all CVEs affecting Sd670 Firmware →

Sd675 Firmware by Qualcomm

View all CVEs affecting Sd675 Firmware →

Sd678 Firmware by Qualcomm

View all CVEs affecting Sd678 Firmware →

Sd680 Firmware by Qualcomm

View all CVEs affecting Sd680 Firmware →

Sd690 5g Firmware by Qualcomm

View all CVEs affecting Sd690 5g Firmware →

Sd695 Firmware by Qualcomm

View all CVEs affecting Sd695 Firmware →

Sd710 Firmware by Qualcomm

View all CVEs affecting Sd710 Firmware →

Sd720g Firmware by Qualcomm

View all CVEs affecting Sd720g Firmware →

Sd730 Firmware by Qualcomm

View all CVEs affecting Sd730 Firmware →

Sd750g Firmware by Qualcomm

View all CVEs affecting Sd750g Firmware →

Sd765 Firmware by Qualcomm

View all CVEs affecting Sd765 Firmware →

Sd765g Firmware by Qualcomm

View all CVEs affecting Sd765g Firmware →

Sd768g Firmware by Qualcomm

View all CVEs affecting Sd768g Firmware →

Sd778g Firmware by Qualcomm

View all CVEs affecting Sd778g Firmware →

Sd780g Firmware by Qualcomm

View all CVEs affecting Sd780g Firmware →

Sd835 Firmware by Qualcomm

View all CVEs affecting Sd835 Firmware →

Sd845 Firmware by Qualcomm

View all CVEs affecting Sd845 Firmware →

Sd855 Firmware by Qualcomm

View all CVEs affecting Sd855 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd870 Firmware by Qualcomm

View all CVEs affecting Sd870 Firmware →

Sd888 Firmware by Qualcomm

View all CVEs affecting Sd888 Firmware →

Sda845 Firmware by Qualcomm

View all CVEs affecting Sda845 Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Sdm630 Firmware by Qualcomm

View all CVEs affecting Sdm630 Firmware →

Sdm845 Firmware by Qualcomm

View all CVEs affecting Sdm845 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sm4125 Firmware by Qualcomm

View all CVEs affecting Sm4125 Firmware →

Sm4375 Firmware by Qualcomm

View all CVEs affecting Sm4375 Firmware →

Sm6250 Firmware by Qualcomm

View all CVEs affecting Sm6250 Firmware →

Sm6250p Firmware by Qualcomm

View all CVEs affecting Sm6250p Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7315 Firmware by Qualcomm

View all CVEs affecting Sm7315 Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Sm8350 Ac Firmware by Qualcomm

View all CVEs affecting Sm8350 Ac Firmware →

Sm8350 Firmware by Qualcomm

View all CVEs affecting Sm8350 Firmware →

Smart Audio 100 Platform Firmware by Qualcomm

View all CVEs affecting Smart Audio 100 Platform Firmware →

Snapdragon Auto 4g Modem Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 4g Modem Firmware →

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →

Snapdragon Wear 4100\+ Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 4100\+ Platform Firmware →

Snapdragon X12 Lte Modem Firmware by Qualcomm

View all CVEs affecting Snapdragon X12 Lte Modem Firmware →

Snapdragon X24 Lte Modem Firmware by Qualcomm

View all CVEs affecting Snapdragon X24 Lte Modem Firmware →

Snapdragon X50 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X50 5g Modem Rf System Firmware →

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →

Snapdragon Xr1 Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr1 Platform Firmware →

Snapdragon Xr2 5g Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →

Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2\+ Gen 1 Platform Firmware →

Sxr1120 Firmware by Qualcomm

View all CVEs affecting Sxr1120 Firmware →

Sxr2130 Firmware by Qualcomm

View all CVEs affecting Sxr2130 Firmware →

Wcd9326 Firmware by Qualcomm

View all CVEs affecting Wcd9326 Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9371 Firmware by Qualcomm

View all CVEs affecting Wcd9371 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcn3610 Firmware by Qualcomm

View all CVEs affecting Wcn3610 Firmware →

Wcn3615 Firmware by Qualcomm

View all CVEs affecting Wcn3615 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3660 Firmware by Qualcomm

View all CVEs affecting Wcn3660 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wcn3680 Firmware by Qualcomm

View all CVEs affecting Wcn3680 Firmware →

Wcn3680b Firmware by Qualcomm

View all CVEs affecting Wcn3680b Firmware →

Wcn3910 Firmware by Qualcomm

View all CVEs affecting Wcn3910 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3980 Firmware by Qualcomm

View all CVEs affecting Wcn3980 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn3990 Firmware by Qualcomm

View all CVEs affecting Wcn3990 Firmware →

Wcn3991 Firmware by Qualcomm

View all CVEs affecting Wcn3991 Firmware →

Wcn3998 Firmware by Qualcomm

View all CVEs affecting Wcn3998 Firmware →

Wcn3999 Firmware by Qualcomm

View all CVEs affecting Wcn3999 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wcn6750 Firmware by Qualcomm

View all CVEs affecting Wcn6750 Firmware →

Wcn685x 1 Firmware by Qualcomm

View all CVEs affecting Wcn685x 1 Firmware →

Wcn685x 5 Firmware by Qualcomm

View all CVEs affecting Wcn685x 5 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Application crashes or denial of service affecting audio functionality, potentially requiring device restart.

🟢

If Mitigated

Controlled crashes without privilege escalation if proper sandboxing and memory protections are enforced.

🌐 Internet-Facing: MEDIUM - Requires user interaction (playing malicious audio) but could be delivered via web content or messaging apps.

🏢 Internal Only: LOW - Primarily affects client devices rather than internal infrastructure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user to play specially crafted APE audio file. No public exploits known as of August 2023.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm August 2023 security bulletin for specific chipset patches

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for your specific chipset. 2. Apply firmware update from device manufacturer. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Disable APE audio processing

android

Prevent processing of APE audio files to block attack vector

Use audio player with custom codec

android

Use third-party audio players that don't rely on vulnerable system components

🧯 If You Can't Patch

• Restrict audio file sources to trusted applications only
• Implement application sandboxing to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Copy

Check device chipset and firmware version against Qualcomm's August 2023 security bulletin

Check Version:

Copy

adb shell getprop ro.build.fingerprint (for Android devices)

Verify Fix Applied:

Copy

Verify firmware version has been updated to include August 2023 Qualcomm security patches

📡 Detection & Monitoring

Log Indicators:

• Audio service crashes
• COmxApeDec process failures
• Memory allocation errors in audio subsystem

Network Indicators:

• Unusual audio file downloads
• APE files from untrusted sources

SIEM Query:

Copy

process_name:"mediaserver" AND (event_type:crash OR error_code:memory_corruption)

📊 Metadata

CVE ID: CVE-2023-28537

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: August 8, 2023

Last Updated: November 21, 2024

🔗 References

• https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin Vendor Advisory
• https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-28537, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)

CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)

CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)