CVE-2019-15296

Name of the Vulnerable Software and Affected Versions Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description A buffer overflow issue affects the faad resetbits function in libfaad/bits.c. The number of bits to be read is determined by ld->buffer size - words*4, cast to uint32. If ld->buffer size - words*4 is negative, a buffer overflow is later performed via getdword n(&ld->start[words], ld->bytes left). This vulnerability may allow an attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service.

Recommendations For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the faad resetbits() function as a temporary workaround until a patch is available. Restrict access to the libfaad/bits.c module to minimize the risk of exploitation. Avoid using the getdword n() function with potentially negative values of ld->buffer size - words*4 until the issue is resolved.