CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15296

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html
https://seclists.org/bugtraq/2019/Sep/28
https://security.gentoo.org/glsa/202006-17
https://www.debian.org/security/2019/dsa-4522
https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html
https://seclists.org/bugtraq/2019/Sep/28
https://security.gentoo.org/glsa/202006-17
https://www.debian.org/security/2019/dsa-4522

Products affected by CVE-2019-15296

Audiocoding » Freeware Advanced Audio Decoder 2 » Version: 2.8.8

cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15296

Products

Pricing

Contact Us