CVE-2021-32273

7.8 HIGH

📋 TL;DR

CVE-2021-32273 is a stack buffer overflow in the ftypin function of the faad2 MP4/AAC audio decoder library. A remote attacker who supplies a specially crafted MP4 file can trigger the overflow and potentially execute arbitrary code. Any application or system using a vulnerable version of the faad2 library is affected.

💻 Affected Systems

Products:
  • faad2 library
  • Applications using faad2 (media players, converters, streaming software)
Versions: faad2 through 2.10.0
Operating Systems: Linux, Windows, macOS, BSD, Any OS with faad2
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable faad2 versions is affected when processing MP4 files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the application using faad2, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) or limited code execution, depending on exploit sophistication and system protections.

🟢 If Mitigated: Application crash with no code execution if ASLR/stack protections are effective.

🌐 Internet-Facing: MEDIUM - Requires processing malicious MP4 files, which could occur through media uploads or streaming services.
🏢 Internal Only: LOW - Requires user interaction to process malicious files or integration with vulnerable media processing pipelines.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The exploit requires crafting a malicious MP4 file; a public PoC exists in the project's GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: faad2 2.10.1 and later

Vendor Advisory: https://github.com/knik0/faad2/issues/56

Restart Required: Yes

Instructions:

1. Update faad2 to version 2.10.1 or later.
2. Rebuild/reinstall applications using faad2.
3. Restart affected services/applications.

🔧 Temporary Workarounds

  • Disable MP4 processing (applies to: all)
    Configure applications to reject or not process MP4 files if the functionality is not required.
    How: application-specific configuration
  • Use alternative AAC decoder (applies to: linux)
    Replace faad2 with an alternative AAC decoding library in applications.
    How: package manager commands to install alternative libraries

🧯 If You Can't Patch

  • Implement strict input validation for MP4 files
  • Run applications with minimal privileges and in sandboxed environments

🔍 How to Verify

Check if Vulnerable:

Check the installed faad2 version with faad --version, or ask the package manager: apt list --installed | grep faad2 (Debian/Ubuntu) or rpm -qa | grep faad2 (RPM-based distributions).

Check Version:

faad --version 2>/dev/null || pkg-config --modversion faad2 2>/dev/null || dpkg -l 2>/dev/null | awk '/faad2/ {print $3; found=1} END {exit !found}' || rpm -q faad2 2>/dev/null || echo "faad2 not found"

Each probe falls through to the next only when it produces nothing: the awk filter exits non-zero when no dpkg entry matches, so the rpm check is actually reached on RPM-based systems (a plain grep | awk pipeline would exit 0 even with no match and stop the chain early).

Verify Fix Applied:

Confirm that the installed faad2 version is 2.10.1 or higher and that the applications linking against it have been rebuilt and restarted, as in the Instructions above.
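To make the version check scriptable across distributions, the following added example (not from the advisory or the faad2 project) normalises a distro-decorated version string and compares it against the affected range "through 2.10.0" with sort -V. It assumes a POSIX sh with sort -V; the Debian package name libfaad2 and the RPM package name faad2 are assumptions, not values from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory or the faad2 project: decide whether
# an installed faad2 version is inside the affected range ("through 2.10.0").
# Assumptions: POSIX sh with `sort -V`; package names libfaad2 (Debian) and
# faad2 (RPM) are guesses, not values taken from the advisory.

LAST_AFFECTED="2.10.0"   # highest affected version per the advisory
FIXED="2.10.1"           # first fixed version per the advisory

# Strip distro decorations: "2:2.10.0-1ubuntu1" -> "2.10.0".
faad2_normalize() {
  v="${1#*:}"     # drop an epoch such as "2:"
  v="${v%%-*}"    # drop a package revision such as "-1ubuntu1"
  v="${v%%+*}"    # drop a "+dfsg" style suffix
  printf '%s\n' "$v"
}

# Exit 0 when VERSION <= 2.10.0 (affected), 1 when at/after the fix, 2 if empty.
faad2_vulnerable() {
  v=$(faad2_normalize "$1")
  [ -n "$v" ] || return 2
  newest=$(printf '%s\n%s\n' "$v" "$LAST_AFFECTED" | sort -V | tail -n 1)
  [ "$newest" = "$LAST_AFFECTED" ]
}

# Find the installed version from the first probe that yields output.
faad2_installed_version() {
  v=$(pkg-config --modversion faad2 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
  v=$(dpkg-query -W -f='${Version}' libfaad2 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
  v=$(rpm -q --qf '%{VERSION}' faad2 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
  return 1
}

# Print a human-readable verdict; faad2_vulnerable carries the machine result.
faad2_report() {
  if faad2_vulnerable "$1"; then
    echo "faad2 $1: affected by CVE-2021-32273, upgrade to $FIXED or later"
  else
    echo "faad2 $1: not in the affected range"
  fi
}

# Usage: sh faad2-check.sh [VERSION]; with no argument, probe this system.
if [ -n "${1:-}" ]; then
  faad2_report "$1"
elif v=$(faad2_installed_version); then
  faad2_report "$v"
else
  echo "faad2 not found via pkg-config, dpkg or rpm" >&2
fi
```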

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults when processing MP4 files
  • Unexpected process termination in media processing applications

Network Indicators:

  • Unusual outbound connections from media processing applications
  • Large MP4 file uploads to vulnerable endpoints

SIEM Query:

(process_name:faad OR process_name:*faad*) AND (event_type:crash OR exit_code:139)

The parentheses around the process-name terms matter: in most query languages AND binds tighter than OR, so without them the crash condition would only apply to the second term. Exit code 139 is 128 + 11 (SIGSEGV), the usual signature of a segmentation fault.
