pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2023-1579/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

1019 lines
55 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231579",
"Version": "oval:org.altlinux.errata:def:20231579",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1579: package `faad` update to version 2.10.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1579",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1579",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00113",
"RefURL": "https://bdu.fstec.ru/vul/2018-00113",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00419",
"RefURL": "https://bdu.fstec.ru/vul/2019-00419",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03596",
"RefURL": "https://bdu.fstec.ru/vul/2019-03596",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03597",
"RefURL": "https://bdu.fstec.ru/vul/2019-03597",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03598",
"RefURL": "https://bdu.fstec.ru/vul/2019-03598",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03599",
"RefURL": "https://bdu.fstec.ru/vul/2019-03599",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03600",
"RefURL": "https://bdu.fstec.ru/vul/2019-03600",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03601",
"RefURL": "https://bdu.fstec.ru/vul/2019-03601",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03602",
"RefURL": "https://bdu.fstec.ru/vul/2019-03602",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03603",
"RefURL": "https://bdu.fstec.ru/vul/2019-03603",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03604",
"RefURL": "https://bdu.fstec.ru/vul/2019-03604",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03605",
"RefURL": "https://bdu.fstec.ru/vul/2019-03605",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03606",
"RefURL": "https://bdu.fstec.ru/vul/2019-03606",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03641",
"RefURL": "https://bdu.fstec.ru/vul/2019-03641",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03650",
"RefURL": "https://bdu.fstec.ru/vul/2019-03650",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04177",
"RefURL": "https://bdu.fstec.ru/vul/2019-04177",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04178",
"RefURL": "https://bdu.fstec.ru/vul/2019-04178",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04179",
"RefURL": "https://bdu.fstec.ru/vul/2019-04179",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04180",
"RefURL": "https://bdu.fstec.ru/vul/2019-04180",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04181",
"RefURL": "https://bdu.fstec.ru/vul/2019-04181",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04564",
"RefURL": "https://bdu.fstec.ru/vul/2019-04564",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04565",
"RefURL": "https://bdu.fstec.ru/vul/2019-04565",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04566",
"RefURL": "https://bdu.fstec.ru/vul/2019-04566",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04567",
"RefURL": "https://bdu.fstec.ru/vul/2019-04567",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04568",
"RefURL": "https://bdu.fstec.ru/vul/2019-04568",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01663",
"RefURL": "https://bdu.fstec.ru/vul/2022-01663",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01666",
"RefURL": "https://bdu.fstec.ru/vul/2022-01666",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01667",
"RefURL": "https://bdu.fstec.ru/vul/2022-01667",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01813",
"RefURL": "https://bdu.fstec.ru/vul/2022-01813",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01814",
"RefURL": "https://bdu.fstec.ru/vul/2022-01814",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05696",
"RefURL": "https://bdu.fstec.ru/vul/2022-05696",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05764",
"RefURL": "https://bdu.fstec.ru/vul/2022-05764",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05765",
"RefURL": "https://bdu.fstec.ru/vul/2022-05765",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05766",
"RefURL": "https://bdu.fstec.ru/vul/2022-05766",
"Source": "BDU"
},
{
"RefID": "CVE-2017-9218",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9218",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9219",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9219",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9220",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9220",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9221",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9221",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9222",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9222",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9223",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9223",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9253",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9253",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9254",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9254",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9255",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9255",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9256",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9256",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9257",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9257",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19502",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19502",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19503",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19503",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19504",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19504",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20194",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20194",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20195",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20195",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20196",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20196",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20197",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20198",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20198",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20199",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20199",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20357",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20357",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20358",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20358",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20359",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20359",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20360",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20360",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20361",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20361",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20362",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20362",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15296",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15296",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6956",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6956",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32273",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32273",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32274",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32274",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32276",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32276",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32277",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32277",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32278",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32278",
"Source": "CVE"
}
],
"Description": "This update upgrades faad to version 2.10.1-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00113: Уязвимость функции mp4ff_read_ctts декодера аудио-файлов Freeware Advanced Audio Decoder 2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00419: Уязвимость функции mp4ff_read_stts набора программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03596: Уязвимость функции excluded_channels() аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03597: Уязвимость функции calculate_gain() аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03598: Уязвимость функции ifilter_bank() аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03599: Уязвимость функции calculate_gain аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03600: Уязвимость компонента ic_predict (libfaad/ic_predict.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03601: Уязвимость функции calculate_gain аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2019-03602: Уязвимость функции ifilter_bank аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03603: Уязвимость функции sbr_process_channel аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03604: Уязвимость функции lt_prediction аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03605: Уязвимость функции sbrDecodeSingleFramePS аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03606: Уязвимость функции hf_assembly аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03641: Уязвимость функции faad_resetbits() набора программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03650: Уязвимость функции filter_bank libfaad/filtbank.c набора программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04177: Уязвимость функции mp4ff_read_stsd (common/mp4ff/mp4atom.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04178: Уязвимость функции mp4ff_read_stsc (common/mp4ff/mp4atom.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04179: Уязвимость функции mp4ff_read_stco (common/mp4ff/mp4atom.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04180: Уязвимость функции mp4ff_read_mdhd (common/mp4ff/mp4atom.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04181: Уязвимость функции mp4ff_read_stts (common/mp4ff/mp4atom.c) аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04564: Уязвимость функции mp4ff_parse_tag программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04565: Уязвимость функции mp4ff_read_stsd программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04566: Уязвимость функции mp4ff_read_stsc программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04567: Уязвимость функции mp4ff_read_stco программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04568: Уязвимость функции mp4ff_read_stco программного обеспечения для работы с аудиофайлами Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01663: Уязвимость функции ftypin компонента mp4read.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01666: Уязвимость функции sbr_qmf_analysis_32 компонента sbr_qmf.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01667: Уязвимость функции lt_prediction компонента lt_predict.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01813: Уязвимость функции get_sample() компонента output.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01814: Уязвимость функции sbr_qmf_synthesis_64 компонента sbr_qmf.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05696: Уязвимость функции ifilter_bank компонента libfaad/filtbank.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05764: Уязвимость функции ps_mix_phase компонента libfaad/ps_dec.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2022-05765: Уязвимость функции sbr_process_channel компонента libfaad/sbr_dec.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05766: Уязвимость функции calculate_gain компонента libfaad/sbr_hfadj.c аудио декодера Freeware Advanced Audio Decoder 2 (FAAD2), позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-9218: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.\n\n * CVE-2017-9219: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.\n\n * CVE-2017-9220: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.\n\n * CVE-2017-9221: The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.\n\n * CVE-2017-9222: The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2017-9223: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.\n\n * CVE-2017-9253: The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2017-9254: The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2017-9255: The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2017-9256: The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2017-9257: The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.\n\n * CVE-2018-19502: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.\n\n * CVE-2018-19503: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.\n\n * CVE-2018-19504: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.\n\n * CVE-2018-20194: There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max \u003c= G case.\n\n * CVE-2018-20195: A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2018-20196: There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.\n\n * CVE-2018-20197: There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max \u003e G case.\n\n * CVE-2018-20198: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.\n\n * CVE-2018-20199: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.\n\n * CVE-2018-20357: A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash.\n\n * CVE-2018-20358: An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2018-20359: An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2018-20360: An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2018-20361: An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.\n\n * CVE-2018-20362: A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.\n\n * CVE-2019-15296: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld-\u003ebuffer_size - words*4, cast to uint32. If ld-\u003ebuffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(\u0026ld-\u003estart[words], ld-\u003ebytes_left).\n\n * CVE-2019-6956: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.\n\n * CVE-2021-32273: An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.\n\n * CVE-2021-32274: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.\n\n * CVE-2021-32276: An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.\n\n * CVE-2021-32277: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.\n\n * CVE-2021-32278: An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-04-05"
},
"Updated": {
"Date": "2024-04-04"
},
"BDUs": [
{
"ID": "BDU:2018-00113",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2018-00113",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-00419",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2019-00419",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-03596",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03596",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2019-03597",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03597",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2019-03598",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-03598",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2019-03599",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03599",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2019-03600",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03600",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03601",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03601",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2019-03602",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03602",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03603",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03603",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03604",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03604",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03605",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03605",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03606",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03606",
"Impact": "Low",
"Public": "20181123"
},
{
"ID": "BDU:2019-03641",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03641",
"Impact": "High",
"Public": "20190828"
},
{
"ID": "BDU:2019-03650",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03650",
"Impact": "Low",
"Public": "20181217"
},
{
"ID": "BDU:2019-04177",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04177",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04178",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-04178",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04179",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-04179",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04180",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04180",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04181",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04181",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04564",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2019-04564",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04565",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2019-04565",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04566",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://bdu.fstec.ru/vul/2019-04566",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04567",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://bdu.fstec.ru/vul/2019-04567",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2019-04568",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://bdu.fstec.ru/vul/2019-04568",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "BDU:2022-01663",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01663",
"Impact": "High",
"Public": "20200816"
},
{
"ID": "BDU:2022-01666",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01666",
"Impact": "High",
"Public": "20200830"
},
{
"ID": "BDU:2022-01667",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01667",
"Impact": "High",
"Public": "20200904"
},
{
"ID": "BDU:2022-01813",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-01813",
"Impact": "Low",
"Public": "20210920"
},
{
"ID": "BDU:2022-01814",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01814",
"Impact": "High",
"Public": "20200830"
},
{
"ID": "BDU:2022-05696",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-05696",
"Impact": "Low",
"Public": "20181217"
},
{
"ID": "BDU:2022-05764",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-05764",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "BDU:2022-05765",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-05765",
"Impact": "Low",
"Public": "20181217"
},
{
"ID": "BDU:2022-05766",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-05766",
"Impact": "High",
"Public": "20181217"
}
],
"CVEs": [
{
"ID": "CVE-2017-9218",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9218",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9219",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9219",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9220",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9220",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9221",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9221",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9222",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9222",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9223",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9223",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9253",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9253",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9254",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9254",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9255",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9255",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9256",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9256",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2017-9257",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9257",
"Impact": "Low",
"Public": "20170627"
},
{
"ID": "CVE-2018-19502",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19502",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "CVE-2018-19503",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19503",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "CVE-2018-19504",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19504",
"Impact": "High",
"Public": "20181123"
},
{
"ID": "CVE-2018-20194",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20194",
"Impact": "High",
"Public": "20181218"
},
{
"ID": "CVE-2018-20195",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20195",
"Impact": "Low",
"Public": "20181218"
},
{
"ID": "CVE-2018-20196",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20196",
"Impact": "High",
"Public": "20181218"
},
{
"ID": "CVE-2018-20197",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20197",
"Impact": "High",
"Public": "20181218"
},
{
"ID": "CVE-2018-20198",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20198",
"Impact": "Low",
"Public": "20181218"
},
{
"ID": "CVE-2018-20199",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20199",
"Impact": "Low",
"Public": "20181218"
},
{
"ID": "CVE-2018-20357",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20357",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2018-20358",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20358",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2018-20359",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20359",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2018-20360",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20360",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2018-20361",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20361",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2018-20362",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20362",
"Impact": "Low",
"Public": "20181222"
},
{
"ID": "CVE-2019-15296",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15296",
"Impact": "High",
"Public": "20190821"
},
{
"ID": "CVE-2019-6956",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6956",
"Impact": "High",
"Public": "20190125"
},
{
"ID": "CVE-2021-32273",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32273",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-32274",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32274",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-32276",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32276",
"Impact": "Low",
"Public": "20210920"
},
{
"ID": "CVE-2021-32277",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32277",
"Impact": "High",
"Public": "20210920"
},
{
"ID": "CVE-2021-32278",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32278",
"Impact": "High",
"Public": "20210920"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231579001",
"Comment": "faad is earlier than 0:2.10.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231579002",
"Comment": "libfaad-devel is earlier than 0:2.10.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231579003",
"Comment": "libfaad2 is earlier than 0:2.10.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink