Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-20196 (GCVE-0-2018-20196)
Vulnerability from cvelistv5 – Published: 2018-12-18 01:00 – Updated: 2024-08-05 11:58
VLAI?
EPSS
Summary
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2018-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "DSA-5109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T14:06:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "DSA-5109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/knik0/faad2/issues/19",
"refsource": "MISC",
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20196",
"datePublished": "2018-12-18T01:00:00.000Z",
"dateReserved": "2018-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:18.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED01953-4703-4DDA-A93A-DE055A5C651D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.\"}, {\"lang\": \"es\", \"value\": \"Hay un desbordamiento de b\\u00fafer basado en pila en la tercera instancia de la funci\\u00f3n calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Se podr\\u00eda realizar un ataque de denegaci\\u00f3n de servicio u otro tipo de impacto sin especificar debido a que el array S_M se gestiona de manera incorrecta.\"}]",
"id": "CVE-2018-20196",
"lastModified": "2024-11-21T04:01:04.170",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-12-18T01:29:00.377",
"references": "[{\"url\": \"https://github.com/knik0/faad2/issues/19\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202006-17\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5109\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/knik0/faad2/issues/19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202006-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5109\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-20196\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-12-18T01:29:00.377\",\"lastModified\":\"2024-11-21T04:01:04.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.\"},{\"lang\":\"es\",\"value\":\"Hay un desbordamiento de b\u00fafer basado en pila en la tercera instancia de la funci\u00f3n calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Se podr\u00eda realizar un ataque de denegaci\u00f3n de servicio u otro tipo de impacto sin especificar debido a que el array S_M se gestiona de manera incorrecta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED01953-4703-4DDA-A93A-DE055A5C651D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/knik0/faad2/issues/19\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202006-17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5109\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/knik0/faad2/issues/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202006-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CNVD-2019-05833
Vulnerability from cnvd - Published: 2019-03-01
VLAI Severity ?
Title
Freeware Advanced Audio Decoder 2缓冲区溢出漏洞(CNVD-2019-05833)
Description
Freeware Advanced Audio Decoder 2 (FAAD2)是一款根据GPLv2许可证授权的开源MPEG-4和MPEG-2 AAC解码器。
Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8中的libfaad/sbr_hfadj.c的calculate_gain函数的第三个实例存在栈缓冲区溢出漏洞,攻击者可通过特制输入利用该漏洞导致拒绝服务或可能造成其他影响。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://github.com/knik0/faad2
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-20196
Impacted products
| Name | Freeware Advanced Audio Decoder 2 Freeware Advanced Audio Decoder 2 2.8.8 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-20196"
}
},
"description": "Freeware Advanced Audio Decoder 2 (FAAD2)\u662f\u4e00\u6b3e\u6839\u636eGPLv2\u8bb8\u53ef\u8bc1\u6388\u6743\u7684\u5f00\u6e90MPEG-4\u548cMPEG-2 AAC\u89e3\u7801\u5668\u3002\n\nFreeware Advanced Audio Decoder 2 (FAAD2) 2.8.8\u4e2d\u7684libfaad/sbr_hfadj.c\u7684calculate_gain\u51fd\u6570\u7684\u7b2c\u4e09\u4e2a\u5b9e\u4f8b\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u9020\u6210\u5176\u4ed6\u5f71\u54cd\u3002",
"discovererName": "fantasy7082",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/knik0/faad2",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-05833",
"openTime": "2019-03-01",
"products": {
"product": "Freeware Advanced Audio Decoder 2 Freeware Advanced Audio Decoder 2 2.8.8"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-20196",
"serverity": "\u4e2d",
"submitTime": "2018-12-18",
"title": "Freeware Advanced Audio Decoder 2\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2019-05833\uff09"
}
OPENSUSE-SU-2025:15214-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
faad2-2.11.2-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: faad2-2.11.2-2.1 on GA media
Description of the patch: These are all security issues fixed in the faad2-2.11.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15214
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "faad2-2.11.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the faad2-2.11.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15214",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15214-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20194 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20196 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15296 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6956 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6956/"
}
],
"title": "faad2-2.11.2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15214-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.aarch64",
"product": {
"name": "faad2-2.11.2-2.1.aarch64",
"product_id": "faad2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.aarch64",
"product": {
"name": "faad2-devel-2.11.2-2.1.aarch64",
"product_id": "faad2-devel-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad2-2.11.2-2.1.aarch64",
"product_id": "libfaad2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.aarch64",
"product_id": "libfaad2-32bit-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.aarch64",
"product_id": "libfaad_drm2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.ppc64le",
"product": {
"name": "faad2-2.11.2-2.1.ppc64le",
"product_id": "faad2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.ppc64le",
"product": {
"name": "faad2-devel-2.11.2-2.1.ppc64le",
"product_id": "faad2-devel-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad2-2.11.2-2.1.ppc64le",
"product_id": "libfaad2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"product_id": "libfaad2-32bit-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.ppc64le",
"product_id": "libfaad_drm2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.s390x",
"product": {
"name": "faad2-2.11.2-2.1.s390x",
"product_id": "faad2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.s390x",
"product": {
"name": "faad2-devel-2.11.2-2.1.s390x",
"product_id": "faad2-devel-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.s390x",
"product": {
"name": "libfaad2-2.11.2-2.1.s390x",
"product_id": "libfaad2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.s390x",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.s390x",
"product_id": "libfaad2-32bit-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.s390x",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.s390x",
"product_id": "libfaad_drm2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.x86_64",
"product": {
"name": "faad2-2.11.2-2.1.x86_64",
"product_id": "faad2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.x86_64",
"product": {
"name": "faad2-devel-2.11.2-2.1.x86_64",
"product_id": "faad2-devel-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad2-2.11.2-2.1.x86_64",
"product_id": "libfaad2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.x86_64",
"product_id": "libfaad2-32bit-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.x86_64",
"product_id": "libfaad_drm2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64"
},
"product_reference": "faad2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le"
},
"product_reference": "faad2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x"
},
"product_reference": "faad2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64"
},
"product_reference": "faad2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64"
},
"product_reference": "faad2-devel-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le"
},
"product_reference": "faad2-devel-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x"
},
"product_reference": "faad2-devel-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64"
},
"product_reference": "faad2-devel-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x"
},
"product_reference": "libfaad2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20194"
}
],
"notes": [
{
"category": "general",
"text": "There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max \u003c= G case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20194",
"url": "https://www.suse.com/security/cve/CVE-2018-20194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20194"
},
{
"cve": "CVE-2018-20196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20196"
}
],
"notes": [
{
"category": "general",
"text": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20196",
"url": "https://www.suse.com/security/cve/CVE-2018-20196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-20196"
},
{
"cve": "CVE-2018-20199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20199"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20199",
"url": "https://www.suse.com/security/cve/CVE-2018-20199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20199"
},
{
"cve": "CVE-2018-20358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20358"
}
],
"notes": [
{
"category": "general",
"text": "An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20358",
"url": "https://www.suse.com/security/cve/CVE-2018-20358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20358"
},
{
"cve": "CVE-2018-20359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20359"
}
],
"notes": [
{
"category": "general",
"text": "An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20359",
"url": "https://www.suse.com/security/cve/CVE-2018-20359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20359"
},
{
"cve": "CVE-2018-20362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20362"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20362",
"url": "https://www.suse.com/security/cve/CVE-2018-20362"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20362"
},
{
"cve": "CVE-2019-15296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15296"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld-\u003ebuffer_size - words*4, cast to uint32. If ld-\u003ebuffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(\u0026ld-\u003estart[words], ld-\u003ebytes_left).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15296",
"url": "https://www.suse.com/security/cve/CVE-2019-15296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15296"
},
{
"cve": "CVE-2019-6956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6956"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6956",
"url": "https://www.suse.com/security/cve/CVE-2019-6956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-6956"
}
]
}
GHSA-7MR6-HMWX-3GVW
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI?
Details
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-20196"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-18T01:29:00Z",
"severity": "HIGH"
},
"details": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.",
"id": "GHSA-7mr6-hmwx-3gvw",
"modified": "2022-04-30T00:02:17Z",
"published": "2022-04-30T00:02:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20196"
},
{
"type": "WEB",
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2018-20196
Vulnerability from fkie_nvd - Published: 2018-12-18 01:29 - Updated: 2024-11-21 04:01
Severity ?
Summary
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/knik0/faad2/issues/19 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202006-17 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5109 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/knik0/faad2/issues/19 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5109 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiocoding | freeware_advanced_audio_decoder_2 | 2.8.8 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BED01953-4703-4DDA-A93A-DE055A5C651D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled."
},
{
"lang": "es",
"value": "Hay un desbordamiento de b\u00fafer basado en pila en la tercera instancia de la funci\u00f3n calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Se podr\u00eda realizar un ataque de denegaci\u00f3n de servicio u otro tipo de impacto sin especificar debido a que el array S_M se gestiona de manera incorrecta."
}
],
"id": "CVE-2018-20196",
"lastModified": "2024-11-21T04:01:04.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-18T01:29:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2018-20196
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-20196",
"description": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.",
"id": "GSD-2018-20196",
"references": [
"https://security.archlinux.org/CVE-2018-20196",
"https://www.debian.org/security/2022/dsa-5109"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-20196"
],
"details": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.",
"id": "GSD-2018-20196",
"modified": "2023-12-13T01:22:29.269256Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/knik0/faad2/issues/19",
"refsource": "MISC",
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20196"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/knik0/faad2/issues/19",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/knik0/faad2/issues/19"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-22T20:40Z",
"publishedDate": "2018-12-18T01:29Z"
}
}
}
BDU:2022-05766
Vulnerability from fstec - Published: 17.12.2018
VLAI Severity ?
Title
Уязвимость функции calculate_gain компонента libfaad/sbr_hfadj.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость функции calculate_gain компонента libfaad/sbr_hfadj.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2) связана с отсутствием сравнения с MAX_M. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Freeware Advanced Audio Decoder 2, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 2.8.8 (Freeware Advanced Audio Decoder 2), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для Freeware Advanced Audio Decoder 2 (FAAD2):
использование рекомендаций производителя: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2018-20196
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
Для ОСОН Основа:
Обновление программного обеспечения faad2 до версии 2.10.0+repack-1.osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения faad2 до версии 2.10.0+repack-1.osnova1
Reference
https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
https://github.com/knik0/faad2/issues/19
https://nvd.nist.gov/vuln/detail/CVE-2018-20196
https://security-tracker.debian.org/tracker/CVE-2018-20196
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 2.8.8 (Freeware Advanced Audio Decoder 2), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Freeware Advanced Audio Decoder 2 (FAAD2):\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2018-20196\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f faad2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.10.0+repack-1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f faad2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.10.0+repack-1.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05766",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-20196",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Freeware Advanced Audio Decoder 2, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 calculate_gain \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libfaad/sbr_hfadj.c \u0430\u0443\u0434\u0438\u043e \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430 Freeware Advanced Audio Decoder 2 (FAAD2), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 calculate_gain \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libfaad/sbr_hfadj.c \u0430\u0443\u0434\u0438\u043e \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430 Freeware Advanced Audio Decoder 2 (FAAD2) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044f \u0441 MAX_M. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879\nhttps://github.com/knik0/faad2/issues/19\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20196\nhttps://security-tracker.debian.org/tracker/CVE-2018-20196\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…