CVE-2021-32272: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	faad2	< faad2 2.10.0-1 (bookworm)	faad2 2.10.0-1 (bookworm)
faad2_project	faad2	< 2.10.0	2.10.0
faad2_project	faad2	>= 0 < 2.10.0-1	2.10.0-1
faad2_project	faad2	>= 0 < 2.10.0-1	2.10.0-1
faad2_project	faad2	>= 0 < 2.10.0-1	2.10.0-1
faad2_project	faad2	>= 0 < 2.10.0-1	2.10.0-1
faad2_project	faad2	>= 0 < 2.9.1-1ubuntu0.1	2.9.1-1ubuntu0.1
faad2_project	faad2	>= 0 < 2.7-8+deb8u3ubuntu0.1~esm1	2.7-8+deb8u3ubuntu0.1~esm1
faad2_project	faad2	>= 0 < 2.8.0~cvs20150510-1ubuntu0.1+esm1	2.8.0~cvs20150510-1ubuntu0.1+esm1
faad2_project	faad2	>= 0 < 2.8.8-1ubuntu0.1~esm1	2.8.8-1ubuntu0.1~esm1

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv7.8HIGH