Unrated severity · NVD Advisory · Published Aug 21, 2019 · Updated Aug 5, 2024
CVE-2019-15296
Description
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).
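The arithmetic in the description, as an added example that is not FAAD2 source: a constructed C model (the `bitreader` struct, `bytes_left_unchecked` and `reset_checked` are hypothetical names) showing how the unsigned subtraction wraps and one way to bound the position before any read.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a bit reader. Field names follow the CVE text;
 * this is not FAAD2 source. */
typedef struct {
    const uint8_t *start;   /* input buffer */
    uint32_t buffer_size;   /* bytes in start[] */
    uint32_t bytes_left;    /* bytes after the reset position */
} bitreader;

/* Flawed arithmetic: unsigned subtraction wraps to a value near 2^32
 * when words*4 exceeds buffer_size, instead of going negative. */
static uint32_t bytes_left_unchecked(const bitreader *ld, uint32_t bits)
{
    uint32_t words = bits >> 5;          /* 32-bit words to skip */
    return ld->buffer_size - words * 4;
}

/* Hardened reset (hypothetical helper): reject a position past the end
 * of the buffer, then load at most 4 bytes, zero-padded, big-endian.
 * Returns 0 on success, -1 if the position is out of range. */
static int reset_checked(bitreader *ld, uint32_t bits, uint32_t *dword)
{
    uint32_t words = bits >> 5;
    if (words > ld->buffer_size / 4)     /* division: cannot overflow */
        return -1;
    ld->bytes_left = ld->buffer_size - words * 4;
    uint32_t n = ld->bytes_left < 4 ? ld->bytes_left : 4;
    uint32_t v = 0;
    for (uint32_t i = 0; i < 4; i++)
        v = (v << 8) | (i < n ? ld->start[words * 4 + i] : 0u);
    *dword = v;
    return 0;
}

int main(void)
{
    static const uint8_t buf[6] = {1, 2, 3, 4, 5, 6};  /* constructed input */
    bitreader ld = { buf, (uint32_t)sizeof buf, 0 };
    uint32_t dword = 0;
    printf("unchecked, bit 64: %u\n", (unsigned)bytes_left_unchecked(&ld, 64));
    printf("checked,   bit 64: %d\n", reset_checked(&ld, 64, &dword));
    int rc = reset_checked(&ld, 32, &dword);
    printf("checked,   bit 32: %d (0x%08x)\n", rc, (unsigned)dword);
    return 0;
}
```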
Affected products
- Freeware/Advanced Audio Decoder 2
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202006-17 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.debian.org/security/2019/dsa-4522 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/08/msg00033.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Sep/28 (mitre, mailing-list, x_refsource_BUGTRAQ)