Faad2 Project Faad2 vulnerabilities

39 known vulnerabilities affecting faad2_project/faad2.

Total CVEs: 39
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 14, MEDIUM 23

Vulnerabilities

Page 1 of 2
CVE-2023-38858 | MEDIUM | CVSS 6.5 | v2.10.1 | 2023-08-15
CWE-787: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
Sources: nvd, osv
CVE-2023-38857 | MEDIUM | CVSS 5.5 | v2.10.1 | 2023-08-15
CWE-787: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.
Sources: nvd, osv
CVE-2021-32277 | HIGH | CVSS 7.8 | ≤ 2.10.0 | 2021-09-20
CWE-787: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code execution.
Sources: nvd, osv
CVE-2021-32273 | HIGH | CVSS 7.8 | ≤ 2.10.0 | 2021-09-20
CWE-787: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause code execution.
Sources: nvd, osv
CVE-2021-32274 | HIGH | CVSS 7.8 | ≤ 2.10.0 | 2021-09-20
CWE-787: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code execution.
Sources: nvd, osv
CVE-2021-32272 | HIGH | CVSS 7.8 | fixed in 2.10.0 | 2021-09-20
CWE-787: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause code execution.
Sources: nvd, osv
CVE-2021-32278 | HIGH | CVSS 7.8 | ≤ 2.10.0 | 2021-09-20
CWE-787: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code execution.
Sources: nvd, osv
CVE-2021-32276 | MEDIUM | CVSS 5.5 | ≤ 2.10.0 | 2021-09-20
CWE-476: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause denial of service.
Sources: nvd, osv
CVE-2021-26567 | HIGH | CVSS 7.8 | fixed in 2.2.7.1 | 2021-02-26
CWE-121: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options.
Sources: nvd
CVE-2019-15296 | HIGH | CVSS 7.8 | ≥ 0, < 2.8.8-3 | 2019-08-21
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).
Sources: osv
CVE-2019-6956 | HIGH | CVSS 7.1 | ≥ 0, < 2.8.8-3.1 | 2019-01-25
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
Sources: osv
CVE-2018-20362 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-2 | 2018-12-22
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.
Sources: osv
CVE-2018-20361 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-2 | 2018-12-22
An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Sources: osv
CVE-2018-20357 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-2 | 2018-12-22
A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash.
Sources: osv
CVE-2018-20360 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-3.1 | 2018-12-22
An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Sources: osv
CVE-2018-20358 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-2 | 2018-12-22
An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Sources: osv
CVE-2018-20359 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.8.8-2 | 2018-12-22
An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Sources: osv
CVE-2018-20197 | HIGH | CVSS 7.8 | ≥ 0, < 2.8.8-2 | 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.
Sources: osv
CVE-2018-20196 | HIGH | CVSS 7.8 | ≥ 0, < 2.8.8-3.1 | 2018-12-18
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
Sources: osv
CVE-2018-20194 | HIGH | CVSS 7.8 | ≥ 0, < 2.8.8-2 | 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.
Sources: osv