Arbitrary Code Execution

2020-05-1023:28:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

46.1%

JSON

faad2 is vulnerable to arbitrary code execution. The vulnerability exists as an issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

CPENameOperatorVersion
faad2eq2.7-r7

CPE	Name	Operator	Version
	faad2	eq	2.7-r7

References

github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md

lists.debian.org/debian-lts-announce/2019/08/msg00033.html

lists.debian.org/debian-lts-announce/2021/10/msg00020.html

security.gentoo.org/glsa/202006-17

sourceforge.net/p/faac/bugs/240/

www.debian.org/security/2022/dsa-5109

0.001 Low

EPSS

Percentile

46.1%

JSON

Related for VERACODE:25364