PT-2017-3908 · Freeware+1 · Faad2+1
Qflb.Wu · Published 2017-06-27 · Updated 2023-04-05 · CVE-2017-9256
CVSS v2.0: 7.1 High
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Freeware Advanced Audio Decoder 2 (FAAD2) version 2.7
Description
The issue is related to the mp4ff_read_stco function, which can lead to a denial of service due to excessive CPU consumption caused by a large loop. This can be triggered by a remote attacker using a specially crafted mp4 file.
Recommendations
For version 2.7, consider disabling the mp4ff_read_stco function as a temporary workaround until a patch is available. Restrict access to mp4 files from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
DoS
Affected Products
Alt Linux
Faad2