audiocoding CVE Vulnerabilities & Metrics

Focus on audiocoding vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About audiocoding Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with audiocoding. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total audiocoding CVEs: 35
Earliest CVE date: 24 Sep 2008, 11:42 UTC
Latest CVE date: 21 Aug 2019, 07:15 UTC

Latest CVE reference: CVE-2019-15296

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical audiocoding CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.43

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	29
7.0-8.9	6
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS audiocoding CVEs

These are the five CVEs with the highest CVSS scores for audiocoding, sorted by severity first and recency.

CVE-2008-4201 audiocoding Published on 24 Sep 2008, 11:42 UTC (CVSS: 9.3)
Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.
CVE-2017-9257 audiocoding Published on 27 Jun 2017, 12:29 UTC (CVSS: 7.1)
The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9256 audiocoding Published on 27 Jun 2017, 12:29 UTC (CVSS: 7.1)
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9255 audiocoding Published on 27 Jun 2017, 12:29 UTC (CVSS: 7.1)
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
CVE-2017-9254 audiocoding Published on 27 Jun 2017, 12:29 UTC (CVSS: 7.1)
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

All CVEs for audiocoding

CVE-2019-15296 audiocoding vulnerability CVSS: 6.8 21 Aug 2019, 07:15 UTC

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).

CVE-2019-6956 audiocoding vulnerability CVSS: 5.8 25 Jan 2019, 16:29 UTC

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

CVE-2018-20362 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.

CVE-2018-20361 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-20360 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-20359 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-20358 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-20357 audiocoding vulnerability CVSS: 4.3 22 Dec 2018, 15:29 UTC

A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash.

CVE-2018-20199 audiocoding vulnerability CVSS: 4.3 18 Dec 2018, 01:29 UTC

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.

CVE-2018-20198 audiocoding vulnerability CVSS: 4.3 18 Dec 2018, 01:29 UTC

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.

CVE-2018-20197 audiocoding vulnerability CVSS: 6.8 18 Dec 2018, 01:29 UTC

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.

CVE-2018-20196 audiocoding vulnerability CVSS: 6.8 18 Dec 2018, 01:29 UTC

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

CVE-2018-20195 audiocoding vulnerability CVSS: 4.3 18 Dec 2018, 01:29 UTC

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-20194 audiocoding vulnerability CVSS: 6.8 18 Dec 2018, 01:29 UTC

CVE-2018-19891 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.

CVE-2018-19890 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

CVE-2018-19889 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

CVE-2018-19888 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

CVE-2018-19887 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

CVE-2018-19886 audiocoding vulnerability CVSS: 4.3 06 Dec 2018, 00:29 UTC

CVE-2018-19504 audiocoding vulnerability CVSS: 6.8 23 Nov 2018, 19:29 UTC

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.

CVE-2018-19503 audiocoding vulnerability CVSS: 6.8 23 Nov 2018, 19:29 UTC

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.

CVE-2018-19502 audiocoding vulnerability CVSS: 6.8 23 Nov 2018, 19:29 UTC

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.

CVE-2017-9257 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9256 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9255 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9254 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9253 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9223 audiocoding vulnerability CVSS: 4.3 27 Jun 2017, 12:29 UTC

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVE-2017-9222 audiocoding vulnerability CVSS: 7.1 27 Jun 2017, 12:29 UTC

The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

CVE-2017-9221 audiocoding vulnerability CVSS: 4.3 27 Jun 2017, 12:29 UTC

The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVE-2017-9220 audiocoding vulnerability CVSS: 4.3 27 Jun 2017, 12:29 UTC

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.

CVE-2017-9219 audiocoding vulnerability CVSS: 4.3 27 Jun 2017, 12:29 UTC

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.

CVE-2017-9218 audiocoding vulnerability CVSS: 4.3 27 Jun 2017, 12:29 UTC

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVE-2017-9129 audiocoding vulnerability CVSS: 4.3 21 Jun 2017, 07:29 UTC

The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.

CVE-2008-4201 audiocoding vulnerability CVSS: 9.3 24 Sep 2008, 11:42 UTC

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.