CVE-2021-32277
https://notcve.org/view.php?id=CVE-2021-32277
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. Se ha detectado un problema en faad2 versiones hasta 2.10.0. Se presenta un desbordamiento del búfer de la pila en la función sbr_qmf_analysis_32 ubicada en el archivo sbr_qmf.c. • https://github.com/knik0/faad2/issues/59 https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html https://www.debian.org/security/2022/dsa-5109 • CWE-787: Out-of-bounds Write •
CVE-2021-32278
https://notcve.org/view.php?id=CVE-2021-32278
An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. Se ha detectado un problema en faad2 versiones hasta 2.10.0. Se presenta un desbordamiento del búfer de la pila en la función lt_prediction ubicada en el archivo lt_predict.c. • https://github.com/knik0/faad2/issues/62 https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html https://www.debian.org/security/2022/dsa-5109 • CWE-787: Out-of-bounds Write •
CVE-2021-32273
https://notcve.org/view.php?id=CVE-2021-32273
An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. Se ha detectado un problema en faad2 versiones hasta 2.10.0. Se presenta un desbordamiento del búfer de pila en la función ftypin ubicada en el archivo mp4read.c. • https://github.com/knik0/faad2/issues/56 https://www.debian.org/security/2022/dsa-5109 • CWE-787: Out-of-bounds Write •
CVE-2021-26567
https://notcve.org/view.php?id=CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. La vulnerabilidad de desbordamiento de búfer basada en la pila en frontend/main.c en faad2 versiones anteriores a 2.2.7.1 permite a los atacantes locales ejecutar código arbitrario a través de las opciones de nombre de archivo y ruta. • https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa https://www.synology.com/security/advisory/Synology_SA_20_26 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •