CVE-2017-9218
Description
FAAD2 2.7 crashes via crafted MP4 file due to invalid memory read in mp4ff_read_stsd, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7, the function mp4ff_read_stsd in common/mp4ff/mp4atom.c performs an invalid memory read when processing a specially crafted MP4 file. This occurs because the function does not properly validate input data from the MP4 container, allowing a remote attacker to trigger a segmentation fault. The vulnerability is reachable when the faad decoder attempts to parse a malformed stsd atom in an MP4 file.
Exploitation
An attacker can exploit this vulnerability by providing a crafted MP4 file to the faad decoder. No authentication or special privileges are required; the victim only needs to open the malicious file using FAAD2. The crash occurs during the parsing phase, as demonstrated by the ASAN report showing a segfault at a near-null address [1].
Impact
Successful exploitation causes a denial of service (DoS) due to an invalid memory read, resulting in a crash of the application. There is no indication of code execution or data exfiltration; the impact is limited to availability degradation [1].
Mitigation
As of the available references, no official patch has been released for FAAD2 2.7. Users should avoid processing untrusted MP4 files with the affected version or consider using alternative decoders until a fix becomes available. The issue is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.7:*:*:*:*:*:*:*
- Range: =2.7
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds validation in mp4ff_read_stsd allows an invalid memory read from a crafted MP4 stsd atom."
Attack vector
An attacker supplies a crafted MP4 file that, when processed by FAAD2's `mp4ff_read_stsd` function, causes an invalid memory read (out-of-bounds read) [CWE-125] [ref_id=1]. The crash manifests as a segmentation fault (SEGV) at address 0x000000000014, indicating a null or near-null pointer dereference during the stsd atom parsing [ref_id=1]. The attack requires no authentication and is triggered by opening the malicious file (user interaction is needed to invoke the decoder) [ref_id=1].
Affected code
The vulnerability resides in the `mp4ff_read_stsd` function in `common/mp4ff/mp4atom.c` of FAAD2 2.7 [ref_id=1]. The crash occurs at line 386 of that file, triggered when parsing a crafted MP4 file [ref_id=1].
What the fix does
No patch is included in the bundle. The advisory does not provide remediation guidance beyond noting the vulnerability exists in FAAD2 version 2.7 [ref_id=1]. To close the vulnerability, the `mp4ff_read_stsd` function would need to add bounds checking on the MP4 atom data before reading, ensuring that offsets and sizes derived from the file do not cause reads outside allocated memory [CWE-125].
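The kind of bounds checking described above, as an added example (not FAAD2's code and not a patch for it): a walk over the sample entries of an stsd payload that refuses any count or size the buffer cannot back. The function name `stsd_count_entries` and the sample byte arrays are hypothetical and constructed for illustration; the field layout assumed is the ISO base media file format one (version, flags, entry count, then size-prefixed entries).

```c
#include <stddef.h>
#include <stdint.h>

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Walk the sample entries of an stsd payload (the bytes after the atom's
 * own size/type header). Assumed layout: version (1 byte), flags (3),
 * entry_count (4), then entry_count boxes that each start with size (4)
 * and type (4). Returns the number of entries validated, or -1 if any
 * field would require a read outside buf[0..len).
 */
int stsd_count_entries(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 8)
        return -1;
    uint32_t declared = be32(buf + 4);
    size_t off = 8;
    /* Every entry needs at least 8 bytes: reject impossible counts early. */
    if (declared > 0x7fffffffu || declared > (len - off) / 8)
        return -1;
    for (uint32_t i = 0; i < declared; i++) {
        if (len - off < 8)              /* no room for size + type */
            return -1;
        uint32_t size = be32(buf + off);
        if (size < 8 || size > len - off) /* entry must fit in what is left */
            return -1;
        off += size;
    }
    return (int)declared;
}

/* Constructed sample: one 16-byte 'mp4a' entry, fully present. */
static const uint8_t SAMPLE_OK[24] = {
    0, 0, 0, 0,  0, 0, 0, 1,
    0, 0, 0, 16, 'm', 'p', '4', 'a', 0, 0, 0, 0, 0, 0, 0, 0 };
/* Constructed sample: entry claims 256 bytes but only 8 follow. */
static const uint8_t SAMPLE_TRUNCATED[16] = {
    0, 0, 0, 0,  0, 0, 0, 1,
    0, 0, 1, 0,  'm', 'p', '4', 'a' };
/* Constructed sample: entry count of 0xFFFFFFFF with no entries at all. */
static const uint8_t SAMPLE_BAD_COUNT[8] = {
    0, 0, 0, 0,  0xff, 0xff, 0xff, 0xff };
```

A caller treats -1 as a malformed file and stops parsing the track instead of continuing with file-derived offsets.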
Preconditions
- input: The victim must open a crafted MP4 file with FAAD2 (e.g., via the faad command-line tool)
- auth: No authentication or special privileges required
Reproduction
Run `./faad faad2_2.7_mp4ff_read_stsd_invalid_memory_read.mp4 -o out.wav` against the FAAD2 2.7 binary [ref_id=1]. The tool will crash with a SEGV at `mp4ff_read_stsd` line 386 [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] seclists.org/fulldisclosure/2017/Jun/32 (nvd: Mailing List, Third Party Advisory)