Knik0

**Name of the Vulnerable Software and Affected Versions** faad2 versions prior to 2.10.0 **Description** A heap-buffer-overflow issue exists in the `stszin` function located in `mp4read.c`, allowing an attacker to cause code execution. This issue can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue. As a temporary workaround, consider disabling the `stszin` function in `mp4read.c` until a patch is available.