CVE-2023-38858 — Out-of-bounds Write in Project Faad2

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

6.5MEDIUMNVD

OSV7.8

EPSS

0.7%

top 28.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Faad2 Project Faad2

Timeline

PublishedAug 15

Latest updateAug 29

Description

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Ubuntufaad2_project/faad2< 2.9.1-1ubuntu0.1+3

▶NVDfaad2_project/faad22.10.1

🔴Vulnerability Details

OSV

faad2 vulnerabilities↗2023-08-29

▶

CVEList

CVE-2023-38858: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

OSV

CVE-2023-38858: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

GHSA

GHSA-46fj-h774-mfxr: Buffer Overflow vulnerability infaad2 v↗2023-08-15

▶

📋Vendor Advisories

Ubuntu

FAAD2 vulnerabilities↗2023-08-29

▶

Debian

CVE-2023-38858: faad2 - Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execu...↗2023

▶