9 matches found
CVE-2021-32278
CVE-2021-32278 affects FAAD2 up to version 2.10.0, with a heap-buffer-overflow in lt_prediction (lt_predict.c) that can lead to code execution. Connected bulletins confirm the issue and link it to FAAD2 across multiple distributions. Advisories (Debian DSA-5109, Debian DLA-2792, Ubuntu USN-6313-1...
CVE-2023-38858
FAAD2 (v2.10.1) is affected by a Buffer Overflow via the mp4read.c:1039 path in the mp4info function, enabling remote code execution and a denial of service. Public references across multiple feeds confirm the CVE-2023-38858 issue; Gentoo GLSA 202401-13 recommends upgrading to faad2-2.11.0 or lat...
CVE-2021-32277
CVE-2021-32277 affects faad2 up to version 2.10.0. The vulnerability is a heap-buffer-overflow in sbr_qmf_analysis_32 (sbr_qmf.c) that can allow code execution. Multiple connected advisories reference FAAD2 and this CVE, confirming the same underlying issue across Debian/Ubuntu/Nessus entries. Th...
CVE-2021-32276
CVE-2021-32276 concerns Faad2 up to version 2.10.0. Affected component: libfaad, specifically the function get_sample() in output.c. Root cause: NULL pointer dereference, which can be triggered to cause Denial of Service. Documented impact is partial availability degradation via DoS. Exploitation...
CVE-2021-32274
FAAD2 (faad2) versions up to 2.10.0 are affected by a heap-buffer-overflow in sbr_qmf_synthesis_64 (sbr_qmf.c), enabling potential code execution. This CVE (CVE-2021-32274) is referenced in multiple advisories (Debian/Ubuntu/DLA/DLA-2792, USN 6313-1) indicating a patch is available in newer faad2...
CVE-2021-32272
CVE-2021-32272 affects FAAD2 up to version 2.10.0. A heap-buffer-overflow in function stszin (mp4read.c) can allow a remote attacker to achieve Code Execution . Affected: faad2 before 2.10.0. Root cause: heap-buffer-overflow in mp4read.c. Impact: code execution. Remediation: upgrade to 2.10.0 or ...
CVE-2021-32273
FAAD2
CVE-2021-26567
Summary: CVE-2021-26567 is a stack-based buffer overflow in the FAAD2 decoder (frontend/main.c) of faad2 prior to 2.2.7.1. The vulnerability allows a local attacker to execute arbitrary code via crafted filename and pathname options. Affected context is mainly Synology DiskStation Manager (faad2 ...
CVE-2023-38857
FAAD2 v2.10.1 is affected by CVE-2023-38857 (Buffer Overflow) via the stcoin code path in mp4read.c, enabling potential remote code execution and denial of service. Connected advisories confirm FAAD2 vulnerabilities and recommend upgrading to a newer release. Gentoo GLSA-202401-13 instructs upgra...