
CVE-2018-20196 – Debian Security Advisory 5109-1
https://notcve.org/view.php?id=CVE-2018-20196
18 Dec 2018 — There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. Hay un desbordamiento de búfer basado en pila en la tercera instancia de la función calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Se podría realizar un ataque de denegación de se... • https://github.com/knik0/faad2/issues/19 • CWE-787: Out-of-bounds Write •

CVE-2018-20197 – Debian Security Advisory 4522-1
https://notcve.org/view.php?id=CVE-2018-20197
18 Dec 2018 — There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case. Hay un subdesbordamiento de búfer basado en pila en la tercera instancia de la función calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2)... • https://github.com/knik0/faad2/issues/20 • CWE-787: Out-of-bounds Write •

CVE-2018-20198 – Debian Security Advisory 4522-1
https://notcve.org/view.php?id=CVE-2018-20198
18 Dec 2018 — A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case. Se ha descubierto una desreferencia de puntero NULL en ifilter_bank de libfaad/filtbank.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Esta vulnerabilidad causa un error de segmentación y el... • https://github.com/knik0/faad2/issues/23 • CWE-476: NULL Pointer Dereference •

CVE-2018-20199 – Debian Security Advisory 5109-1
https://notcve.org/view.php?id=CVE-2018-20199
18 Dec 2018 — A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. Se ha descubierto una desreferencia de puntero NULL en ifilter_bank de libfaad/filtbank.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Esta vulnerabilidad causa un error de segmentación y el ... • https://github.com/knik0/faad2/issues/24 • CWE-476: NULL Pointer Dereference •

CVE-2018-19502 – Debian Security Advisory 4522-1
https://notcve.org/view.php?id=CVE-2018-19502
23 Nov 2018 — An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. Se ha descubierto un problema en la versión 2.8.1 de Freeware Advanced Audio Decoder 2 (FAAD2). Hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función excluded_channels() en libfaad/syntax.c. Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. • https://github.com/TeamSeri0us/pocs/tree/master/faad • CWE-787: Out-of-bounds Write •

CVE-2018-19503 – Debian Security Advisory 4522-1
https://notcve.org/view.php?id=CVE-2018-19503
23 Nov 2018 — An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. Se ha descubierto un problema en la versión 2.8.1 de Freeware Advanced Audio Decoder 2 (FAAD2). Hay un desbordamiento de búfer basado en pila en la función calculate_gain() en libfaad/sbr_hfadj.c. Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. • https://github.com/TeamSeri0us/pocs/tree/master/faad • CWE-787: Out-of-bounds Write •

CVE-2018-19504 – Debian Security Advisory 4522-1
https://notcve.org/view.php?id=CVE-2018-19504
23 Nov 2018 — An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. Se ha descubierto un problema en la versión 2.8.1 de Freeware Advanced Audio Decoder 2 (FAAD2). Hay una desreferencia de puntero NULL en ifilter_bank() en libfaad/filtbank.c. Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. • https://github.com/TeamSeri0us/pocs/tree/master/faad • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •

CVE-2017-9257 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial of Service
https://notcve.org/view.php?id=CVE-2017-9257
27 Jun 2017 — The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. La función mp4ff_read_ctts en common/mp4ff/mp4atom.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 permite a atacantes remotos causar una denegación de servicio (bucle largo y consumo de CPU) utilizando un archivo mp4 manipulado. The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freewar... • https://packetstorm.news/files/id/143159 • CWE-834: Excessive Iteration •

CVE-2017-9254 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial of Service
https://notcve.org/view.php?id=CVE-2017-9254
27 Jun 2017 — The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. La función mp4ff_read_stts en common/mp4ff/mp4atom.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 permite a atacantes remotos causar una denegación de servicio (bucle largo y consumo de CPU) utilizando un archivo mp4 manipulado. The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freewar... • https://packetstorm.news/files/id/143159 • CWE-834: Excessive Iteration •

CVE-2017-9255 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial of Service
https://notcve.org/view.php?id=CVE-2017-9255
27 Jun 2017 — The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. La función mp4ff_read_stsc en common/mp4ff/mp4atom.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 permite a atacantes remotos causar una denegación de servicio (bucle largo y consumo de CPU) utilizando un archivo mp4 manipulado. The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freewar... • https://packetstorm.news/files/id/143159 • CWE-834: Excessive Iteration •