Skip to main content

Freeware Advanced Audio Decoder 2 CVE-2017-9220

MEDIUM
Buffer Overflow (CWE-119)
2017-06-27 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 27, 2017 - 12:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.

AnalysisAI

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. Affected products include: Audiocoding Freeware Advanced Audio Decoder 2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2018-20197 HIGH POC
7.8 Dec 18

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in F

CVE-2018-20196 HIGH POC
7.8 Dec 18

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Fr

CVE-2018-20194 HIGH POC
7.8 Dec 18

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in F

CVE-2018-19504 HIGH POC
7.8 Nov 23

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2018-19503 HIGH POC
7.8 Nov 23

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2018-19502 HIGH POC
7.8 Nov 23

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2019-6956 HIGH POC
7.1 Jan 25

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.1), this vulnera

CVE-2018-20362 MEDIUM POC
5.5 Dec 22

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FA

CVE-2018-20361 MEDIUM POC
5.5 Dec 22

An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Adva

CVE-2018-20360 MEDIUM POC
5.5 Dec 22

An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freewar

CVE-2018-20359 MEDIUM POC
5.5 Dec 22

An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Free

CVE-2018-20358 MEDIUM POC
5.5 Dec 22

An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware A

Share

CVE-2017-9220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy