PT-2018-3818 · Audiocoding+2 · Faad2+2
Fishfish · Published 2018-11-23 · Updated 2025-07-03
CVE-2019-6956
CVSS v2.0: 8.8 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8
Description
The issue is a buffer over-read in the ps_mix_phase function of the libfaad/ps_dec.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. It is caused by a missing check on iid_index. Exploitation of this issue allows a remote attacker to access confidential data and cause a denial of service.
Recommendations
For version 2.8.8, consider disabling the ps_mix_phase function as a temporary workaround until a patch is available. Restrict access to the libfaad/ps_dec.c component to minimize the risk of exploitation. Avoid using the iid_index variable in the affected function until the issue is resolved.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Faad2