Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-15296

Опубликовано: 21 авг. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.8

Описание

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words4, cast to uint32. If ld->buffer_size - words4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

not-affected

2.8.8-3ubuntu3
disco

ignored

end of life
eoan

not-affected

2.8.8-3ubuntu3
esm-apps/bionic

needed

esm-apps/focal

not-affected

2.8.8-3ubuntu3
esm-apps/jammy

not-affected

2.8.8-3ubuntu3
esm-apps/noble

not-affected

2.8.8-3ubuntu3
esm-apps/xenial

needed

esm-infra-legacy/trusty

released

2.7-8+deb8u3build0.14.04.1~esm1

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00421
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-15296

CVSS3: 7.8
nvd
больше 6 лет назад

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).

debian логотип

CVE-2019-15296

CVSS3: 7.8
debian
больше 6 лет назад

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...

github логотип

GHSA-3p67-56xf-rrrf

github
больше 3 лет назад

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).

fstec логотип

BDU:2019-03641

CVSS3: 7.8
fstec
больше 6 лет назад

Уязвимость функции faad_resetbits() набора программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании

EPSS

Процентиль: 62%
0.00421
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3