CVE-2017-9221
Description
The mp4ff_read_mdhd function in FAAD2 2.7 can be triggered by a crafted MP4 file to cause a denial of service via invalid memory read and crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The mp4ff_read_mdhd function in FAAD2 2.7 can be triggered by a crafted MP4 file to cause a denial of service via invalid memory read and crash.
Vulnerability
The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7 contains a flaw that allows remote attackers to cause an invalid memory read via a crafted MP4 file [1].
Exploitation
An attacker can exploit this vulnerability by supplying a specially crafted MP4 file to the FAAD2 decoder. No authentication or special privileges are required; merely processing the malicious file triggers the crash.
Impact
Successful exploitation results in an application crash due to an invalid memory read, leading to a denial of service condition.
Mitigation
No official fix has been disclosed in the available references [1]. Users are advised to restrict processing of untrusted MP4 files or apply vendor patches when they become available.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.7:*:*:*:*:*:*:*
- Range: = 2.7
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds validation in mp4ff_read_mdhd allows an invalid memory read when parsing a crafted mp4 atom."
Attack vector
An attacker crafts a malicious MP4 file containing a specially formed "mdhd" atom that triggers an invalid memory read when parsed [ref_id=1]. The victim must open the crafted file with the FAAD2 decoder (e.g., `./faad faad2_2.7_mp4ff_read_mdhd_invalid_memory_read.mp4 -o out.wav`) [ref_id=1]. No authentication or special privileges are required beyond user interaction to open the file. The crash manifests as a SEGV on address 0x00000000009c, indicating a near-null pointer dereference or out-of-bounds read [CWE-125] [ref_id=1].
Affected code
The vulnerable function is `mp4ff_read_mdhd` in `common/mp4ff/mp4atom.c` at line 614 [ref_id=1]. This function is called from `mp4ff_atom_read` (line 677) during MP4 atom parsing [ref_id=1].
What the fix does
The advisory does not include a patch or remediation guidance [ref_id=1]. No fix is published in the disclosed material. To close the vulnerability, the `mp4ff_read_mdhd` function would need to validate the size and bounds of the atom data before reading, ensuring that memory accesses stay within the allocated buffer [CWE-125].
Preconditions
- inputThe victim must open a crafted MP4 file with the FAAD2 decoder (e.g., via the faad command-line tool)
- authNo authentication or special privileges required
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- seclists.org/fulldisclosure/2017/Jun/32nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.