CVE-2019-6956 : An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It i

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

Published 2019-01-25 16:29:00

Updated 2022-04-22 20:40:49

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-6956

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Audiocoding » Freeware Advanced Audio Decoder 2
Versions before (<) 2.9.0
cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 58 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

https://www.debian.org/security/2022/dsa-5109

Debian -- Security Information -- DSA-5109-1 faad2
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html

[SECURITY] [DLA 2792-1] faad2 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md

pocs/global-buffer-overflow@ps_mix_phase.md at master · TeamSeri0us/pocs · GitHub
Exploit;Patch;Third Party Advisory
https://security.gentoo.org/glsa/202006-17

FAAD2: Multiple vulnerabilities (GLSA 202006-17) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html

[SECURITY] [DLA 1899-1] faad2 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://sourceforge.net/p/faac/bugs/240/

Freeware Advanced Audio Codec / Bugs/Patches/etc. / #240 Serveral bugs in faad2
Issue Tracking;Third Party Advisory

CVEs referencing this url

Jump to