An issue was discovered in Freeware Advanced Audio...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).
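
The arithmetic behind the description, as an added example: this is a simplified model written for this page, not FAAD2 source code and not the upstream fix. The function names, the `bits` parameter and the 32-bits-per-word mapping are assumptions; `buffer_size` and `words` follow the names used in the description.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: the remaining-byte count is computed in unsigned 32-bit
 * arithmetic. When words*4 exceeds buffer_size the mathematically negative
 * result wraps to a value close to 2^32, so a later length or bounds
 * decision based on it trusts a huge "remaining" count. */
uint32_t bytes_left_unchecked(uint32_t buffer_size, uint32_t bits)
{
    uint32_t words = bits >> 5;        /* assumed: one word per 32 bits */
    return buffer_size - words * 4;    /* wraps if words*4 > buffer_size */
}

/* Hardened pattern: validate the byte offset before subtracting.
 * Returns the remaining byte count, or -1 if the offset lies past the
 * end of the buffer (hypothetical error convention for this example). */
int64_t bytes_left_checked(uint32_t buffer_size, uint32_t bits)
{
    /* 64-bit multiply so the offset itself cannot wrap */
    uint64_t offset = (uint64_t)(bits >> 5) * 4;

    if (offset > buffer_size)
        return -1;                     /* reject instead of wrapping */
    return (int64_t)(buffer_size - offset);
}

int main(void)
{
    /* Constructed case: 8-byte buffer, reset to bit 96 (byte offset 12). */
    printf("unchecked: %lu\n", (unsigned long)bytes_left_unchecked(8, 96));
    printf("checked:   %lld\n", (long long)bytes_left_checked(8, 96));
    /* In-range reset to bit 32 (byte offset 4) leaves 4 bytes. */
    printf("in range:  %lld\n", (long long)bytes_left_checked(8, 32));
    return 0;
}
```
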

References

Published by the National Vulnerability Database Aug 21, 2019
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 28, 2023

Severity

High

EPSS score

0.200%
(58th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2019-15296

GHSA ID

GHSA-3p67-56xf-rrrf

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.