Vulnerabilities > CVE-2021-32272 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

faad2-project

debian

CWE-787

NVD

Published: 2021-09-20

Updated: 2022-04-22

Summary

An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.

Vulnerable Configurations

Part	Description	Count
Application	Faad2_Project Faad2 Project Faad2 - Faad2 Project Faad2 2.8.2 Faad2 Project Faad2 2.8.3 Faad2 Project Faad2 2.8.4 Faad2 Project Faad2 2.8.5 Faad2 Project Faad2 2.8.6 Faad2 Project Faad2 2.8.7 Faad2 Project Faad2 2.8.8 Faad2 Project Faad2 2.9.0 Faad2 Project Faad2 2.9.1 Faad2 Project Faad2 2.9.2	11
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/knik0/faad2/issues/57
https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24
https://www.debian.org/security/2022/dsa-5109