Description GLSAMaker/CVETool Bot 2019-09-24 12:34:13 UTC

CVE-2019-6956 (https://nvd.nist.gov/vuln/detail/CVE-2019-6956):
  An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8.
  It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

CVE-2018-20196 (https://nvd.nist.gov/vuln/detail/CVE-2018-20196):
  There is a stack-based buffer overflow in the third instance of the
  calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio
  Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or
  possibly unspecified other impact because the S_M array is mishandled.

CVE-2018-20199 (https://nvd.nist.gov/vuln/detail/CVE-2018-20199):
  A NULL pointer dereference was discovered in ifilter_bank of
  libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The
  vulnerability causes a segmentation fault and application crash, which leads
  to denial of service because adding to windowed output is mishandled in the
  ONLY_LONG_SEQUENCE case.

CVE-2018-20360 (https://nvd.nist.gov/vuln/detail/CVE-2018-20360):
  An invalid memory address dereference was discovered in the
  sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio
  Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and
  application crash, which leads to denial of service.

CVE-2018-20362 (https://nvd.nist.gov/vuln/detail/CVE-2018-20362):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-19504 (https://nvd.nist.gov/vuln/detail/CVE-2018-19504):
  An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.
  There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.

CVE-2018-20195 (https://nvd.nist.gov/vuln/detail/CVE-2018-20195):
  A NULL pointer dereference was discovered in ic_predict of
  libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The
  vulnerability causes a segmentation fault and application crash, which leads
  to denial of service.

CVE-2018-20198 (https://nvd.nist.gov/vuln/detail/CVE-2018-20198):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-20358 (https://nvd.nist.gov/vuln/detail/CVE-2018-20358):
  An invalid memory address dereference was discovered in the lt_prediction
  function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2
  (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application
  crash, which leads to denial of service.

CVE-2018-20194 (https://nvd.nist.gov/vuln/detail/CVE-2018-20194):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-19503 (https://nvd.nist.gov/vuln/detail/CVE-2018-19503):
  An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.
  There was a stack-based buffer overflow in the function calculate_gain() in
  libfaad/sbr_hfadj.c.

CVE-2018-20197 (https://nvd.nist.gov/vuln/detail/CVE-2018-20197):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-20357 (https://nvd.nist.gov/vuln/detail/CVE-2018-20357):
  A NULL pointer dereference was discovered in sbr_process_channel of
  libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The
  vulnerability causes a segmentation fault and application crash.

CVE-2018-20359 (https://nvd.nist.gov/vuln/detail/CVE-2018-20359):
  An invalid memory address dereference was discovered in the
  sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced
  Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault
  and application crash, which leads to denial of service.

CVE-2018-20361 (https://nvd.nist.gov/vuln/detail/CVE-2018-20361):
  An invalid memory address dereference was discovered in the hf_assembly
  function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2)
  2.8.8. The vulnerability causes a segmentation fault and application crash,
  which leads to denial of service.

CVE-2019-15296 (https://nvd.nist.gov/vuln/detail/CVE-2019-15296):
  An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8.
  The faad_resetbits function in libfaad/bits.c is affected by a buffer
  overflow vulnerability. The number of bits to be read is determined by
  ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is
  negative, a buffer overflow is later performed via
  getdword_n(&ld->start[words], ld->bytes_left).

CVE-2018-19502 (https://nvd.nist.gov/vuln/detail/CVE-2018-19502):
  An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1.
  There was a heap-based buffer overflow in the function excluded_channels()
  in libfaad/syntax.c.