CVE-2019-15296

Priority
Description
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8.
The faad_resetbits function in libfaad/bits.c is affected by a buffer
overflow vulnerability. The number of bits to be read is determined by
ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is
negative, a buffer overflow is later performed via
getdword_n(&ld->start[words], ld->bytes_left).
Notes
Package
Source: faad2 (LP Ubuntu Debian)
Upstream:released (2.8.8-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):not-affected (2.8.8-3ubuntu3)
More Information

Updated: 2019-10-09 06:52:38 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)