28 matches found
CVE-2018-20360
FAAD2 (libfaad) vulnerability CVE-2018-20360 arises from an invalid memory address dereference in sbr_process_channel (libfaad/sbr_dec.c), on FAAD2 2.8.8, causing segmentation fault and denial of service. Connected advisories confirm this issue among multiple FAAD2 CVEs and document patches acros...
CVE-2018-20199
CVE-2018-20199 affects FAAD2 2.8.8 (libfaad/filtbank.c) with a NULL pointer dereference in ifilter_bank, causing segmentation fault and DoS due to mishandling in ONLY_LONG_SEQUENCE. Multiple advisories (Debian DSA-5109/DSA-1899, Debian DLA-2792, Gentoo GLSA-202006-17) document this and urge upgra...
CVE-2018-19502
CVE-2018-19502 affects FAAD2 2.8.1: heap-based overflow in excluded_channels() (libfaad/syntax.c). Exploitation could enable denial of service via crafted MPEG AAC data. Advisory remediation: upgrade FAAD2 to at least 2.9.0 (per GLSA 202006-17) or equivalent Debian/DSA-4522/DLA-1899 guidance; Deb...
CVE-2018-20357
CVE-2018-20357 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8. The vulnerability is a NULL pointer dereference in sbr_process_channel (libfaad/sbr_dec.c) that can cause a segmentation fault and application crash. Mitigation is to upgrade FAAD2 to a newer version; Gentoo GLSA-202006-17 and ...
CVE-2018-20362
A vulnerability in FAAD2 2.8.8 (libfaad/filtbank.c: ifilter_bank) causes a NULL pointer dereference that leads to a segmentation fault and crash when adding to windowed output in the EIGHT_SHORT_SEQUENCE case. Affected software is FAAD2, with CVE-2018-20362 among multiple issues; remediation is t...
CVE-2018-20196
CVE-2018-20196 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, with a stack-based buffer overflow in the third instance of calculate_gain (libfaad/sbr_hfadj.c) caused by mishandling the S_M array. The vulnerability could lead to denial of service or other unspecified impact. Public advisor...
CVE-2018-20197
CVE-2018-20197 refers to a stack-based buffer underflow in FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, in the third instance of calculate_gain within libfaad/sbr_hfadj.c. A crafted input may cause denial of service or unspecified impact due to mishandling of the G_max > G case. Connected so...
CVE-2019-6956
FAAD2 2.8.8 contains CVE-2019-6956: a buffer over-read in ps_mix_phase (libfaad/ps_dec.c). Public advisories (Debian, Gentoo GLSA) link this to potential denial of service and related impacts; Debian notes several FAAD2 CVEs in older releases. The issues are fixed in later FAAD2 releases (Gentoo ...
CVE-2018-20361
CVE-2018-20361 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, where an invalid memory address dereference in libfaad/sbr_hfadj.c:hf_assembly can trigger a segmentation fault and crash the application, leading to a denial of service. Connected sources confirm this vulnerability in FAAD2 an...
CVE-2018-20194
CVE-2018-20194 affects FAAD2 2.8.8 via a stack-based buffer underflow in the third instance of calculate_gain() in libfaad/sbr_hfadj.c. A crafted input can cause denial of service or other unspecified impact by mishandling G_max
CVE-2019-15296
FAAD2 vulnerability CVE-2019-15296 affects Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c can read a negative remaining buffer size (ld->buffer_size - words*4), leading to a buffer overflow via getdword_n, with the impact described as potential d...
CVE-2018-20198
CVE-2018-20198 affects FAAD2 (libfaad) 2.8.8 with a NULL pointer dereference in ifilter_bank/filtbank.c, causing a segmentation fault and denial of service when handling LONG_START_SEQUENCE windowed output. Connected advisories confirm multiple FAAD2 vulnerabilities; remediation guidance across s...
CVE-2018-19504
CVE-2018-19504 affects FAAD2 2.8.1, with a NULL pointer dereference in ifilter_bank() (libfaad/filtbank.c). Supported documents consistently describe this vulnerability across multiple feeds (NVD, CNVD, Debian DSAs, Gentoo GLSA) and indicate exposure in FAAD2; no exploit details are provided in t...
CVE-2018-20358
CVE-2018-20358 affects FAAD2 2.8.8; the invalid memory address dereference occurs in libfaad/lt_predict.c (lt_prediction) causing a segmentation fault and DoS. Publicly documented mitigations in connected sources include upgrading FAAD2 to 2.9.0 or newer (e.g., Gentoo GLSA-202006-17 recommends up...
CVE-2018-19503
CVE-2018-19503 affects FAAD2 2.8.1: a stack-based buffer overflow in libfaad/sbr_hfadj.c (calculate_gain) could enable denial of service or code execution. Several sources corroborate FAAD2 vulnerabilities; Debian GLSA/DSA recommendations urge upgrading to newer FAAD2 (e.g., 2.9.0+). If upgrading...
CVE-2018-20359
CVE-2018-20359 affects FAAD2 2.8.8, where an invalid memory address dereference in libfaad/sbr_dec.c (sbrDecodeSingleFramePS) can cause a segmentation fault and application crash, resulting in a denial of service. Public advisories in connected docs indicate multiple vendors track this in FAAD2 a...
CVE-2018-20195
CVE-2018-20195 affects FAAD2 up to version 2.8.8, where a NULL pointer dereference in ic_predict.c can cause a segmentation fault and denial of service. Public advisories (Debian DSA-4522, Gentoo GLSA-202006-17) recommend upgrading FAAD2 to a newer release (Gentoo: >= faad2-2.9.0). Other listi...
CVE-2017-9223
CVE-2017-9223 affects Freeware Advanced Audio Decoder 2 (FAAD2) v2.7. The mp4ff_read_stts function in common/mp4ff/mp4atom.c can be exploited by a crafted MP4 file to cause a denial of service via an invalid memory read and application crash. Multiple sources confirm the issue in FAAD2 2.7. Debia...
CVE-2017-9218
CVE-2017-9218 affects Freeware Advanced Audio Decoder 2 (FAAD2) 2.7. The vulnerable component is mp4ff_read_stsd in common/mp4ff/mp4atom.c, where crafted MP4 files can trigger an invalid memory read leading to an application crash (denial of service). Connected sources corroborate the same descri...
CVE-2017-9254
CVE-2017-9254 is confirmed in FAAD2 version 2.7, where the function mp4ff_read_stts in common/mp4ff/mp4atom.c can be exploited by a crafted MP4 file to cause a denial of service (large loop and high CPU usage). The connected documents (OSV/CNVD/NVD references) provide identical descriptions of t...
CVE-2017-9257
Summary (CVE-2017-9257): The vulnerability affects FAAD2 2.7, where the function mp4ff_read_ctts in common/mp4ff/mp4atom.c can be abused by a crafted MP4 file to trigger a denial of service through a large loop/CPU consumption. The issue is documented across multiple feeds; Debian’s DLA-1077-1 no...
CVE-2017-9220
CVE-2017-9220 affects FAAD2 2.x; the mp4ff_read_stco function in common/mp4ff/mp4atom.c can be triggered by a crafted MP4 to cause a memory allocation error and denial of service. Connected sources confirm this is a remote denial-of-service condition via crafted files in FAAD2 2.7. Debian advisory confirms ...
CVE-2017-9222
Affected software: Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7. The vulnerability is in the mp4ff_parse_tag function (common/mp4ff/mp4meta.c) and can be triggered by a crafted MP4 file. Root cause: parsing a crafted file can cause an infinite loop, leading to CPU consumption and denial ...
CVE-2017-9255
The vulnerability CVE-2017-9255 affects Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7. The mp4ff_read_stsc function in common/mp4ff/mp4atom.c is vulnerable to crafted MP4 files, allowing remote attackers to trigger a denial of service via a large loop and high CPU usage. The connected OSV...
CVE-2017-9219
CVE-2017-9219 affects FAAD2 (Freeware Advanced Audio Decoder) 2.7. The vulnerability is in the mp4ff_read_stsc function (common/mp4ff/mp4atom.c) and allows remote attackers to trigger a denial-of-service through a crafted MP4 file, causing a memory allocation failure and application crash. Impact...
CVE-2017-9253
CVE-2017-9253 affects Freeware Advanced Audio Decoder 2 (FAAD2) 2.7. The vulnerability is in the mp4ff_read_stsd function (common/mp4ff/mp4atom.c) and can be exploited remotely to cause a denial of service via a crafted MP4 file (large loop/CPU consumption). Debian and OSV entries corroborate the...
CVE-2017-9256
CVE-2017-9256 affects FAAD2 2.7, where the mp4ff_read_stco function in common/mp4ff/mp4atom.c can be triggered by a crafted MP4 file to cause a denial of service (large loop and high CPU usage). Public references confirm the issue in FAAD2 2.7 and map to multiple CVE entries. Debian’s DLA-1077-1 ...
CVE-2017-9221
CVE-2017-9221 affects Freeware Advanced Audio Decoder 2 (FAAD2) v2.7. The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c is exploitable via a crafted MP4 file to cause a denial of service through an invalid memory read and application crash. Public disclosures and multiple CVE trackers corrob...