PT-2018-3818 · Audiocoding+2 · Faad2+2
Fishfish
Published: 2018-11-23 · Updated: 2025-07-03
CVE-2019-6956
CVSS v2.0: 8.8 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8
Description
The issue is related to a buffer over-read in the ps_mix_phase function of the libfaad/ps_dec.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. This is due to the lack of checking of the iid_index. Exploitation of this issue allows a remote attacker to access confidential data and cause a denial of service.
Recommendations
For version 2.8.8, consider disabling the ps_mix_phase function as a temporary workaround until a patch is available. Restrict access to the libfaad/ps_dec.c component to minimize the risk of exploitation. Avoid using the iid_index variable in the affected function until the issue is resolved.
Exploit
Fix
Out of bounds Read
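The description attributes the over-read to a missing range check on iid_index. As an added example (not FAAD2's code and not part of this advisory), the C program below models a signed, stream-derived index into a fixed-size table and validates it before the lookup, once by rejecting and once by clamping; STEPS, scale_q8 and all function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed model, not FAAD2 source: names, sizes and values are assumed. */
#define STEPS 7                       /* valid index range is [-STEPS, STEPS] */
static const int scale_q8[2 * STEPS + 1] = {
     16,  23,  32,  45,  64,  90, 128, 181,
    256, 362, 512, 724, 1024, 1448, 2048
};

/* Range test written as two comparisons: abs(idx) would be undefined
 * behaviour for INT_MIN, and STEPS + idx cannot overflow once this passes. */
int index_in_range(int idx) { return idx >= -STEPS && idx <= STEPS; }

/* Strict policy: refuse the value. Returns 0 and stores the entry, or -1
 * without touching *out or the table. */
int scale_lookup(int idx, int *out)
{
    if (!index_in_range(idx))
        return -1;
    *out = scale_q8[STEPS + idx];
    return 0;
}

/* Lenient policy: saturate to the nearest valid index and keep decoding. */
int scale_lookup_clamped(int idx)
{
    if (idx < -STEPS) idx = -STEPS;
    if (idx >  STEPS) idx =  STEPS;
    return scale_q8[STEPS + idx];
}

int main(void)
{
    /* Constructed inputs: three valid indices, then out-of-range values. */
    const int samples[] = { 0, -7, 7, 8, -8, 127, INT_MIN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0;
        int rc = scale_lookup(samples[i], &v);
        printf("idx=%d strict=%s clamped=%d\n", samples[i],
               rc == 0 ? "ok" : "rejected", scale_lookup_clamped(samples[i]));
    }
    return 0;
}
```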
Affected Products
Alt Linux
Astra Linux
Faad2