U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): faad2
  • Search Type: Search All
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2021-32278

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2021-32277

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2021-32276

An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2021-32274

An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2021-32273

An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2021-32272

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

Published: September 20, 2021; 12:15:10 PM -0400 		V3.1: 7.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

Published: February 26, 2021; 5:15:20 PM -0500 		V3.1: 7.8 HIGH
 V2.0: 6.5 MEDIUM
CVE-2008-4201

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Published: September 24, 2008; 7:42:25 AM -0400 		V3.x:(not available)
 V2.0: 9.3 HIGH