CVE-2021-26567

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-26567

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26567.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-26567

Published

2021-02-26T22:15:20.707Z

Modified

2025-11-14T11:33:02.814583Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

References

Affected packages

Git / github.com/knik0/faad2

Affected ranges

Type: GIT
Repo: https://github.com/knik0/faad2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

720f7004d6c4aabee19aad16e7c456ed76a3ebfa

Affected versions

Other

FAAD2_2_5

FAAD2_2_7

arelease

ver_2_0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "main",
            "file": "frontend/main.c"
        },
        "digest": {
            "function_hash": "95742462205655087578236785053942125758",
            "length": 4736.0
        },
        "signature_type": "Function",
        "source": "https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa",
        "id": "CVE-2021-26567-64dae37b"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "frontend/main.c"
        },
        "digest": {
            "line_hashes": [
                "306659755408664481554497882326530877476",
                "213407387545487024536194668280215840308",
                "148073088228211882827322902778678516414",
                "16654748510347319609504716732749980679",
                "330208000278894993203207276138467824409",
                "297352587452118111443895761903390731583",
                "320836221036234536879684924487166759834",
                "124951596289727895763253951882181560404",
                "19587932756649956852888588983105705900",
                "138952740350482020137357106067673585353",
                "204276984114376152072326174589153731527",
                "291013805752271619024730546759320044380",
                "323512358555906136900152563794785142316",
                "229669719966857248386029785612329923687",
                "41149201910957390574582480783513483136",
                "251266136391002991049717518773052748937",
                "318074296695251189569800443972256847883",
                "265433941319363142317182450960142062579",
                "188226239427061059445051681021010020172",
                "212375895169298719516805237693641231011",
                "81392596556405006199225184731851944896",
                "135257427212578991870565203922282716675",
                "73529895415045791327769103520526719311",
                "316208917844620361821882407917060414594",
                "189345695525901561662559109416882030903",
                "129089615508674507602734237263448596672",
                "256030286320760498250207455522929183010"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa",
        "id": "CVE-2021-26567-c5b40804"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26567.json"