CVE-2021-32276

CVE-2021-32276

Name

CVE-2021-32276

Description

An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/knik0/faad2/issues/58
Mailing List	https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html
DEBIAN	https://www.debian.org/security/2022/dsa-5109

Type

URI

MISC

https://github.com/knik0/faad2/issues/58

Mailing List

https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html

DEBIAN

https://www.debian.org/security/2022/dsa-5109

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:faad2_project:faad2::::::::`	faad2	>= None	<= 2.10.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:faad2_project:faad2:*:*:*:*:*:*:*:*

faad2

>= None

<= 2.10.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
faad2	3.14-community	2.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
faad2	3.11-main	2.9.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
faad2	3.15-community	2.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
faad2	3.16-community	2.10.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
faad2	3.17-community	2.10.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

faad2

3.14-community

2.10.0-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

faad2

3.11-main