LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2008-4201
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4201

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-26567
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26567

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32272
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32272

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32273
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32273

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32274
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32274

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32276
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32276

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32277
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32277

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2021-32278
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32278

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2023-38857
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38857

LAYER: meta-oe
PACKAGE NAME: faad2
PACKAGE VERSION: 2.11.1+git
CVE: CVE-2023-38858
CVE STATUS: Patched
CVE SUMMARY: Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38858