Unrated severityNVD Advisory· Published Jan 25, 2019· Updated Aug 4, 2024

CVE-2019-6956

Description

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

Affected products

osv-coords
pkg:rpm/opensuse/faad2&distro=openSUSE%20Tumbleweed
Range: < 2.11.2-2.1

Patches

365532ebc777

version -> 2.9.0

https://github.com/knik0/faad2Fabian GreffrathSep 9, 2019via osv

commit

1 file changed · +1 −1

configure.ac+1 −1 modified

@@ -8,7 +8,7 @@ dnl - xmms input mp4/aac plugin
 dnl - mpeg4ip plugin (requires mpeg4ip's libmp4v2 to be installed)
 
 AC_PREREQ(2.50)
-AC_INIT(faad2, 2.8.8)
+AC_INIT(faad2, 2.9.0)
 AC_CONFIG_AUX_DIR(.)
 AM_INIT_AUTOMAKE([subdir-objects])

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

security.gentoo.org/glsa/202006-17mitrevendor-advisoryx_refsource_GENTOO
www.debian.org/security/2022/dsa-5109mitrevendor-advisoryx_refsource_DEBIAN
github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.mdmitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/08/msg00033.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2021/10/msg00020.htmlmitremailing-listx_refsource_MLIST
sourceforge.net/p/faac/bugs/240/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000