AVG-2660 log

Package faad2
Status Fixed
Severity High
Type multiple issues
Affected 2.8.8-1
Fixed 2.9.0-1
Current 2.11.1-1 [extra]
Ticket None
Created Mon Apr 4 23:38:29 2022
Issue Severity Remote Type Description
CVE-2019-6956 High Yes Arbitrary code execution
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVE-2018-20360 Medium Yes Denial of service
An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2)...
CVE-2018-20199 Medium Yes Denial of service
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes...
CVE-2018-20196 High Yes Arbitrary code execution
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2...