CVE-2021-32272
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-32272
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32272.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-32272
- Downstream
- Published
- 2021-09-20T16:15:10Z
- Modified
- 2025-10-15T13:00:42.310611Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution.
- References
Affected packages
Git / github.com/knik0/faad2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/knik0/faad2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
2_8_0
2_8_1
2_8_2
2_8_3
2_8_4
2_8_5
2_8_6
2_8_7
2_8_8
2_9_0
2_9_1
2_9_2
FAAD2_2_5
FAAD2_2_7
FAAD2_2_7_1
arelease
ver_2_0
Database specific
vanir_signatures
[
{
"digest": {
"length": 656.0,
"function_hash": "91462948182982020859128384302487742294"
},
"target": {
"function": "stszin",
"file": "frontend/mp4read.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24",
"signature_version": "v1",
"id": "CVE-2021-32272-2d26666e"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"327116514384300148477453486440650707654",
"168372093800188031639950445655704535903",
"338288728775108395541123149893066390502"
]
},
"target": {
"file": "frontend/mp4read.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24",
"signature_version": "v1",
"id": "CVE-2021-32272-e4e306c9"
}
]