{"id":34258,"date":"2026-01-06T17:03:00","date_gmt":"2026-01-06T17:03:00","guid":{"rendered":"http:\/\/localhost\/?p=34258"},"modified":"2026-01-06T17:03:00","modified_gmt":"2026-01-06T17:03:00","slug":"buffer-copy-without-checking-size-of-input-in-dsp-service","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=34258","title":{"rendered":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394"},"content":{"rendered":"

{“lastseen”:””,”description”:”Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.”,”published”:”2026-01-06T22:48:47.556Z”,”modified”:”2026-01-06T22:48:47.556Z”,”type”:”cve”,”title”:”Buffer Copy Without Checking Size of Input in DSP Service”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/january-2026-bulletin.html”,”id”:”CVE-2025-47394″,”bulletinFamily”:””,”cwe”:[“CWE-120″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon FastConnect 6200\\nQualcomm, Inc. Snapdragon FastConnect 6700\\nQualcomm, Inc. Snapdragon FastConnect 6900\\nQualcomm, Inc. Snapdragon FastConnect 7800\\nQualcomm, Inc. Snapdragon QCS610\\nQualcomm, Inc. Snapdragon QMP1000\\nQualcomm, Inc. Snapdragon Qualcomm Video Collaboration VC1 Platform\\nQualcomm, Inc. Snapdragon Qualcomm Video Collaboration VC3 Platform\\nQualcomm, Inc. Snapdragon SG6150\\nQualcomm, Inc. Snapdragon SG6150P\\nQualcomm, Inc. Snapdragon SM6475\\nQualcomm, Inc. Snapdragon SM7435\\nQualcomm, Inc. Snapdragon SM8735\\nQualcomm, Inc. Snapdragon SM8750\\nQualcomm, Inc. Snapdragon SM8750P\\nQualcomm, Inc. Snapdragon Snapdragon 4 Gen 2 Mobile Platform\\nQualcomm, Inc. Snapdragon Snapdragon 6 Gen 1 Mobile Platform\\nQualcomm, Inc. Snapdragon Snapdragon W5+ Gen 1 Wearable Platform\\nQualcomm, Inc. Snapdragon SW5100\\nQualcomm, Inc. Snapdragon SW5100P\\nQualcomm, Inc. Snapdragon SXR2330P\\nQualcomm, Inc. Snapdragon SXR2350P\\nQualcomm, Inc. Snapdragon WCD9370\\nQualcomm, Inc. Snapdragon WCD9375\\nQualcomm, Inc. Snapdragon WCD9378\\nQualcomm, Inc. Snapdragon WCD9380\\nQualcomm, Inc. Snapdragon WCD9385\\nQualcomm, Inc. Snapdragon WCD9395\\nQualcomm, Inc. Snapdragon WCN3950\\nQualcomm, Inc. Snapdragon WCN3980\\nQualcomm, Inc. Snapdragon WCN3988\\nQualcomm, Inc. Snapdragon WCN6755\\nQualcomm, Inc. Snapdragon WCN7750\\nQualcomm, Inc. Snapdragon WCN7860\\nQualcomm, Inc. Snapdragon WCN7861\\nQualcomm, Inc. Snapdragon WCN7880\\nQualcomm, Inc. Snapdragon WCN7881\\nQualcomm, Inc. Snapdragon WSA8810\\nQualcomm, Inc. Snapdragon WSA8815\\nQualcomm, Inc. Snapdragon WSA8830\\nQualcomm, Inc. Snapdragon WSA8832\\nQualcomm, Inc. Snapdragon WSA8835\\nQualcomm, Inc. Snapdragon WSA8840\\nQualcomm, Inc. Snapdragon WSA8845\\nQualcomm, Inc. Snapdragon WSA8845H”,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Snapdragon”,”version”:”FastConnect 6200″,”vendor”:”Qualcomm, Inc.”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.”,”published”:”2026-01-06T22:48:47.556Z”,”modified”:”2026-01-06T22:48:47.556Z”,”type”:”cve”,”title”:”Buffer Copy Without Checking Size of Input in DSP Service”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/january-2026-bulletin.html”,”id”:”CVE-2025-47394″,”bulletinFamily”:””,”cwe”:[“CWE-120″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,28,12,15,13,7,11,5],"class_list":["post-34258","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nBuffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=34258\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.”,”published”:”2026-01-06T22:48:47.556Z”,”modified”:”2026-01-06T22:48:47.556Z”,”type”:”cve”,”title”:”Buffer Copy Without Checking Size of Input in DSP Service”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/january-2026-bulletin.html”,”id”:”CVE-2025-47394″,”bulletinFamily”:””,”cwe”:[“CWE-120″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=34258\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-06T17:03:00+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394\",\"datePublished\":\"2026-01-06T17:03:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258\"},\"wordCount\":353,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=34258#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258\",\"name\":\"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-06T17:03:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=34258\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=34258#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=34258","og_locale":"en_US","og_type":"article","og_title":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem","og_description":"{“lastseen”:””,”description”:”Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.”,”published”:”2026-01-06T22:48:47.556Z”,”modified”:”2026-01-06T22:48:47.556Z”,”type”:”cve”,”title”:”Buffer Copy Without Checking Size of Input in DSP Service”,”source”:”qualcomm”,”references”:”https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/january-2026-bulletin.html”,”id”:”CVE-2025-47394″,”bulletinFamily”:””,”cwe”:[“CWE-120″],”cvelist”:null,”sourceData”:”Qualcomm, Inc. Snapdragon...","og_url":"https:\/\/zero.redgem.net\/?p=34258","og_site_name":"zero redgem","article_published_time":"2026-01-06T17:03:00+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=34258#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=34258"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394","datePublished":"2026-01-06T17:03:00+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=34258"},"wordCount":353,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=34258#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=34258","url":"https:\/\/zero.redgem.net\/?p=34258","name":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-06T17:03:00+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=34258#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=34258"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=34258#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Buffer Copy Without Checking Size of Input in DSP Service_CVE-2025-47394"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/34258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=34258"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/34258\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=34258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=34258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=34258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}