CVE-2023-38857 — Out-of-bounds Write in Project Faad2

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.4%

top 40.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Faad2 Project Faad2

Timeline

PublishedAug 15

Latest updateAug 29

Description

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Ubuntufaad2_project/faad2< 2.9.1-1ubuntu0.1+3

▶NVDfaad2_project/faad22.10.1

🔴Vulnerability Details

OSV

faad2 vulnerabilities↗2023-08-29

▶

CVEList

CVE-2023-38857: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

GHSA

GHSA-m4g7-w387-qg32: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

OSV

CVE-2023-38857: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

📋Vendor Advisories

Ubuntu

FAAD2 vulnerabilities↗2023-08-29

▶

Debian

CVE-2023-38857: faad2 - Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execu...↗2023

▶