AVG-328 log

Package faad2
Status Fixed
Severity High
Type denial of service
Affected 2.7-4
Fixed 2.8.1-1
Current 2.9.1-2 [extra]
Ticket FS#54613
Created Tue Jun 27 16:42:25 2017
Issue Severity Remote Type Description
CVE-2017-9257 Medium Yes Denial of service
The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (large loop and CPU...
CVE-2017-9256 Medium Yes Denial of service
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (large loop and CPU...
CVE-2017-9255 Medium Yes Denial of service
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (large loop and CPU...
CVE-2017-9254 Medium Yes Denial of service
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (large loop and CPU...
CVE-2017-9253 Medium Yes Denial of service
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (large loop and CPU...
CVE-2017-9223 High Yes Denial of service
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (invalid memory read...
CVE-2017-9222 High Yes Denial of service
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (infinite loop and...
CVE-2017-9221 High Yes Denial of service
The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (invalid memory read...
CVE-2017-9220 High Yes Denial of service
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (memory allocation...
CVE-2017-9219 High Yes Denial of service
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (memory allocation...
CVE-2017-9218 High Yes Denial of service
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
denial of service (invalid memory read...
References
http://seclists.org/fulldisclosure/2017/Jun/32
Notes
Was able to reproduce all the POC's on the zip....