{
  "version": "1",
  "package": [
    {
      "name": "faad2",
      "layer": "meta-oe",
      "version": "2.11.1+git",
      "products": [
        {
          "product": "faad2",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2008-4201",
          "summary": "Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.",
          "scorev2": "9.3",
          "scorev3": "0.0",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2008-4201"
        },
        {
          "id": "CVE-2021-26567",
          "summary": "Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options.",
          "scorev2": "6.5",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-26567"
        },
        {
          "id": "CVE-2021-32272",
          "summary": "An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.",
          "scorev2": "6.8",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32272"
        },
        {
          "id": "CVE-2021-32273",
          "summary": "An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution.",
          "scorev2": "6.8",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32273"
        },
        {
          "id": "CVE-2021-32274",
          "summary": "An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution.",
          "scorev2": "6.8",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32274"
        },
        {
          "id": "CVE-2021-32276",
          "summary": "An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.",
          "scorev2": "4.3",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32276"
        },
        {
          "id": "CVE-2021-32277",
          "summary": "An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.",
          "scorev2": "6.8",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32277"
        },
        {
          "id": "CVE-2021-32278",
          "summary": "An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution.",
          "scorev2": "6.8",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-32278"
        },
        {
          "id": "CVE-2023-38857",
          "summary": "Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.",
          "scorev2": "0.0",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-38857"
        },
        {
          "id": "CVE-2023-38858",
          "summary": "Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.",
          "scorev2": "0.0",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-38858"
        }
      ]
    }
  ]
}