Fishfish

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) versions 2.8.1 and earlier **Description** The issue is related to a heap-based buffer overflow in the `excluded channels()` function of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. This can allow an attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) versions 2.8.1 and earlier, consider disabling the `excluded channels()` function as a temporary workaround until a patch is available. Restrict access to the `libfaad/syntax.c` module to minimize the risk of exploitation. Avoid using the `excluded channels()` function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.1 **Description** The issue is related to a stack-based buffer overflow in the `calculate gain()` function. This function is located in the `libfaad/sbr hfadj.c` file. The exploitation of this issue may allow an attacker to impact data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.1, consider disabling the `calculate gain()` function as a temporary workaround until a patch is available. Restrict access to the `libfaad/sbr hfadj.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.1 **Description** The issue is related to a NULL pointer dereference in the `ifilter bank()` function. This could potentially allow an attacker to impact data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.1, consider disabling the `ifilter bank()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) versions 2.8.8 **Description** The issue is related to a buffer over-read in the `ps mix phase` function of the `libfaad/ps dec.c` component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. This is due to the lack of checking of the `iid index`. Exploitation of this issue allows a remote attacker to access confidential data and cause a denial of service. **Recommendations** For version 2.8.8, consider disabling the `ps mix phase` function as a temporary workaround until a patch is available. Restrict access to the `libfaad/ps dec.c` component to minimize the risk of exploitation. Avoid using the `iid index` variable in the affected function until the issue is resolved.