CVE-2021-32277 — Out-of-bounds Write in Project Faad2

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 62.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Faad2 Project Faad2 Debian Linux

Timeline

PublishedSep 20

Latest updateAug 29

Description

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianfaad2_project/faad2< 2.10.0-1+3

▶Ubuntufaad2_project/faad2< 2.9.1-1ubuntu0.1+3

▶NVDfaad2_project/faad22.10.0

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

OSV

faad2 vulnerabilities↗2023-08-29

▶

GHSA

GHSA-4wgh-rg45-9q3p: An issue was discovered in faad2 through 2↗2022-05-24

▶

OSV

CVE-2021-32277: An issue was discovered in faad2 through 2↗2021-09-20

▶

CVEList

CVE-2021-32277: An issue was discovered in faad2 through 2↗2021-09-20

▶

📋Vendor Advisories

Ubuntu

FAAD2 vulnerabilities↗2023-08-29

▶

Debian

CVE-2021-32277: faad2 - An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists i...↗2021

▶