0.005 Low
EPSS
Percentile
76.6%
faad2 is vulnerable to arbitrary code execution. A heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c allows an attacker to execute arbitrary code on the system.
excluded_channels()
libfaad/syntax.c
github.com/TeamSeri0us/pocs/tree/master/faad
lists.debian.org/debian-lts-announce/2019/08/msg00033.html
seclists.org/bugtraq/2019/Sep/28
security.gentoo.org/glsa/202006-17
sourceforge.net/p/faac/bugs/240/
www.debian.org/security/2019/dsa-4522