CVE-2017-9218 — Out-of-bounds Read in Freeware Advanced Audio Decoder 2

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 52.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Faad2 Project Faad2 Audiocoding Freeware Advanced Audio Decoder 2

Timeline

PublishedJun 27

Latest updateMay 17

Description

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDaudiocoding/freeware_advanced_audio_decoder_22.7

▶Debianfaad2_project/faad2< 2.8.1-1+3

🔴Vulnerability Details

GHSA

GHSA-c54q-428w-7mg4: The mp4ff_read_stsd function in common/mp4ff/mp4atom↗2022-05-17

▶

OSV

CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom↗2017-06-27

▶

CVEList

CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom↗2017-06-27

▶

📋Vendor Advisories

Debian

CVE-2017-9218: faad2 - The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audi...↗2017

▶