CVE-2019-15296
Debian Security Advisory 4522-1
Public Exploits: 0
Descriptions
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).
Improper permissions in the installer for Intel® Remote Displays SDK versions before 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
Timeline
- 2019-08-21 CVE Reserved
- 2019-08-21 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (5)
URL | Tag | Date |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List | |
https://seclists.org/bugtraq/2019/Sep/28 | Mailing List | |
https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174 | | 2020-06-15 |
https://security.gentoo.org/glsa/202006-17 | | 2020-06-15 |
https://www.debian.org/security/2019/dsa-4522 | | 2020-06-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Audiocoding | Freeware Advanced Audio Decoder 2 | 2.8.8 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |