Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-6956 (GCVE-0-2019-6956)
Vulnerability from cvelistv5 – Published: 2019-01-25 16:00 – Updated: 2024-08-04 20:31
VLAI?
EPSS
Summary
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2019-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"name": "DSA-5109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T14:06:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"name": "DSA-5109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"name": "https://sourceforge.net/p/faac/bugs/240/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6956",
"datePublished": "2019-01-25T16:00:00.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-6956",
"date": "2026-04-26",
"epss": "0.00354",
"percentile": "0.57742"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6956\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-25T16:29:00.353\",\"lastModified\":\"2024-11-21T04:47:17.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en la versi\u00f3n 2.8.8 de Freeware Advanced Audio Decoder 2 (FAAD2). Se trata de una sobrelectura de b\u00fafer en ps_mix_phase en libfaad/ps_dec.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.9.0\",\"matchCriteriaId\":\"54DD28AC-27DA-4EFA-9AD4-392874D012BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202006-17\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/faac/bugs/240/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5109\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202006-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/faac/bugs/240/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2019-6956
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-6956",
"description": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.",
"id": "GSD-2019-6956",
"references": [
"https://advisories.mageia.org/CVE-2019-6956.html",
"https://security.archlinux.org/CVE-2019-6956",
"https://www.debian.org/security/2022/dsa-5109"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-6956"
],
"details": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.",
"id": "GSD-2019-6956",
"modified": "2023-12-13T01:23:49.113350Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"name": "https://sourceforge.net/p/faac/bugs/240/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6956"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/faac/bugs/240/",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1899-1] faad2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"name": "GLSA-202006-17",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"name": "[debian-lts-announce] 20211024 [SECURITY] [DLA 2792-1] faad2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"name": "DSA-5109",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-04-22T20:40Z",
"publishedDate": "2019-01-25T16:29Z"
}
}
}
OPENSUSE-SU-2025:15214-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
faad2-2.11.2-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: faad2-2.11.2-2.1 on GA media
Description of the patch: These are all security issues fixed in the faad2-2.11.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15214
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "faad2-2.11.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the faad2-2.11.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15214",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15214-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20194 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20196 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15296 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6956 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6956/"
}
],
"title": "faad2-2.11.2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15214-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.aarch64",
"product": {
"name": "faad2-2.11.2-2.1.aarch64",
"product_id": "faad2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.aarch64",
"product": {
"name": "faad2-devel-2.11.2-2.1.aarch64",
"product_id": "faad2-devel-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad2-2.11.2-2.1.aarch64",
"product_id": "libfaad2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.aarch64",
"product_id": "libfaad2-32bit-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.aarch64",
"product_id": "libfaad_drm2-2.11.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.ppc64le",
"product": {
"name": "faad2-2.11.2-2.1.ppc64le",
"product_id": "faad2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.ppc64le",
"product": {
"name": "faad2-devel-2.11.2-2.1.ppc64le",
"product_id": "faad2-devel-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad2-2.11.2-2.1.ppc64le",
"product_id": "libfaad2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"product_id": "libfaad2-32bit-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.ppc64le",
"product_id": "libfaad_drm2-2.11.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.s390x",
"product": {
"name": "faad2-2.11.2-2.1.s390x",
"product_id": "faad2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.s390x",
"product": {
"name": "faad2-devel-2.11.2-2.1.s390x",
"product_id": "faad2-devel-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.s390x",
"product": {
"name": "libfaad2-2.11.2-2.1.s390x",
"product_id": "libfaad2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.s390x",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.s390x",
"product_id": "libfaad2-32bit-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.s390x",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.s390x",
"product_id": "libfaad_drm2-2.11.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "faad2-2.11.2-2.1.x86_64",
"product": {
"name": "faad2-2.11.2-2.1.x86_64",
"product_id": "faad2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "faad2-devel-2.11.2-2.1.x86_64",
"product": {
"name": "faad2-devel-2.11.2-2.1.x86_64",
"product_id": "faad2-devel-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad2-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad2-2.11.2-2.1.x86_64",
"product_id": "libfaad2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad2-32bit-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad2-32bit-2.11.2-2.1.x86_64",
"product_id": "libfaad2-32bit-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad_drm2-2.11.2-2.1.x86_64",
"product_id": "libfaad_drm2-2.11.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"product": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"product_id": "libfaad_drm2-32bit-2.11.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64"
},
"product_reference": "faad2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le"
},
"product_reference": "faad2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x"
},
"product_reference": "faad2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64"
},
"product_reference": "faad2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64"
},
"product_reference": "faad2-devel-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le"
},
"product_reference": "faad2-devel-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x"
},
"product_reference": "faad2-devel-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "faad2-devel-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64"
},
"product_reference": "faad2-devel-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x"
},
"product_reference": "libfaad2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad2-32bit-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad2-32bit-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad_drm2-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaad_drm2-32bit-2.11.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
},
"product_reference": "libfaad_drm2-32bit-2.11.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20194"
}
],
"notes": [
{
"category": "general",
"text": "There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max \u003c= G case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20194",
"url": "https://www.suse.com/security/cve/CVE-2018-20194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20194"
},
{
"cve": "CVE-2018-20196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20196"
}
],
"notes": [
{
"category": "general",
"text": "There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20196",
"url": "https://www.suse.com/security/cve/CVE-2018-20196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-20196"
},
{
"cve": "CVE-2018-20199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20199"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20199",
"url": "https://www.suse.com/security/cve/CVE-2018-20199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20199"
},
{
"cve": "CVE-2018-20358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20358"
}
],
"notes": [
{
"category": "general",
"text": "An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20358",
"url": "https://www.suse.com/security/cve/CVE-2018-20358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20358"
},
{
"cve": "CVE-2018-20359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20359"
}
],
"notes": [
{
"category": "general",
"text": "An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20359",
"url": "https://www.suse.com/security/cve/CVE-2018-20359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20359"
},
{
"cve": "CVE-2018-20362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20362"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20362",
"url": "https://www.suse.com/security/cve/CVE-2018-20362"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20362"
},
{
"cve": "CVE-2019-15296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15296"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld-\u003ebuffer_size - words*4, cast to uint32. If ld-\u003ebuffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(\u0026ld-\u003estart[words], ld-\u003ebytes_left).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15296",
"url": "https://www.suse.com/security/cve/CVE-2019-15296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15296"
},
{
"cve": "CVE-2019-6956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6956"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6956",
"url": "https://www.suse.com/security/cve/CVE-2019-6956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:faad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:faad2-devel-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad2-32bit-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-2.11.2-2.1.x86_64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.aarch64",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.ppc64le",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.s390x",
"openSUSE Tumbleweed:libfaad_drm2-32bit-2.11.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-6956"
}
]
}
GHSA-6RCH-6M73-JC8V
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI?
Details
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2019-6956"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-25T16:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.",
"id": "GHSA-6rch-6m73-jc8v",
"modified": "2022-04-30T00:02:15Z",
"published": "2022-04-30T00:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6956"
},
{
"type": "WEB",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/faac/bugs/240"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2019-6956
Vulnerability from fkie_nvd - Published: 2019-01-25 16:29 - Updated: 2024-11-21 04:47
Severity ?
Summary
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202006-17 | Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/faac/bugs/240/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2022/dsa-5109 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-17 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/faac/bugs/240/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5109 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| audiocoding | freeware_advanced_audio_decoder_2 | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54DD28AC-27DA-4EFA-9AD4-392874D012BE",
"versionEndExcluding": "2.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la versi\u00f3n 2.8.8 de Freeware Advanced Audio Decoder 2 (FAAD2). Se trata de una sobrelectura de b\u00fafer en ps_mix_phase en libfaad/ps_dec.c."
}
],
"id": "CVE-2019-6956",
"lastModified": "2024-11-21T04:47:17.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-25T16:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/faac/bugs/240/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5109"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
BDU:2022-05764
Vulnerability from fstec - Published: 23.11.2018
VLAI Severity ?
Title
Уязвимость функции ps_mix_phase компонента libfaad/ps_dec.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Description
Уязвимость функции ps_mix_phase компонента libfaad/ps_dec.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2) связана с отсутствием проверки iid_index. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Freeware Advanced Audio Decoder 2, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), до 2.9.0 (Freeware Advanced Audio Decoder 2), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для Freeware Advanced Audio Decoder 2 (FAAD2):
использование рекомендаций производителя: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2019-6956
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для ОСОН Основа:
Обновление программного обеспечения faad2 до версии 2.10.0+repack-1.osnova1
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет faad2 до 2.8.0~cvs20161113-1+deb9u3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения faad2 до версии 2.10.0+repack-1.osnova1
Reference
https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
https://github.com/knik0/faad2/issues/39
https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md
https://nvd.nist.gov/vuln/detail/CVE-2019-6956
https://security-tracker.debian.org/tracker/CVE-2019-6956
https://sourceforge.net/p/faac/bugs/240/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.9.0 (Freeware Advanced Audio Decoder 2), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Freeware Advanced Audio Decoder 2 (FAAD2):\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2019-6956\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f faad2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.10.0+repack-1.osnova1\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 faad2 \u0434\u043e 2.8.0~cvs20161113-1+deb9u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f faad2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.10.0+repack-1.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.11.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05764",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6956",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Freeware Advanced Audio Decoder 2, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ps_mix_phase \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libfaad/ps_dec.c \u0430\u0443\u0434\u0438\u043e \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430 Freeware Advanced Audio Decoder 2 (FAAD2), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ps_mix_phase \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 libfaad/ps_dec.c \u0430\u0443\u0434\u0438\u043e \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0430 Freeware Advanced Audio Decoder 2 (FAAD2) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 iid_index. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57\nhttps://github.com/knik0/faad2/issues/39\nhttps://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6956\nhttps://security-tracker.debian.org/tracker/CVE-2019-6956\nhttps://sourceforge.net/p/faac/bugs/240/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…