Freeware Advanced Audio Decoder 2
CVE-2017-9222
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
AnalysisAI
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-835. The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. Affected products include: Audiocoding Freeware Advanced Audio Decoder 2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in F
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Fr
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in F
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.1), this vulnera
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FA
An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Adva
An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freewar
An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Free
An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware A
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today