CVE-2018-19502
https://notcve.org/view.php?id=CVE-2018-19502
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
• https://github.com/TeamSeri0us/pocs/tree/master/faad
• https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html
• https://seclists.org/bugtraq/2019/Sep/28
• https://security.gentoo.org/glsa/202006-17
• https://sourceforge.net/p/faac/bugs/240
• https://www.debian.org/security/2019/dsa-4522
• CWE-787: Out-of-bounds Write
CVE-2018-19503
https://notcve.org/view.php?id=CVE-2018-19503
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
• https://github.com/TeamSeri0us/pocs/tree/master/faad
• https://seclists.org/bugtraq/2019/Sep/28
• https://security.gentoo.org/glsa/202006-17
• https://sourceforge.net/p/faac/bugs/240
• https://www.debian.org/security/2019/dsa-4522
• CWE-787: Out-of-bounds Write
CVE-2017-9220 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial Of Service
https://notcve.org/view.php?id=CVE-2017-9220
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7 can cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
• http://seclists.org/fulldisclosure/2017/Jun/32
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9222 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial Of Service
https://notcve.org/view.php?id=CVE-2017-9222
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7 can cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
• http://seclists.org/fulldisclosure/2017/Jun/32
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-9223 – Freeware Advanced Audio Decoder 2 (FAAD2) Denial Of Service
https://notcve.org/view.php?id=CVE-2017-9223
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7 can cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
• http://seclists.org/fulldisclosure/2017/Jun/32
• CWE-125: Out-of-bounds Read