{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6.2.3-25426-3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.0" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "2.2.7.1" } ] }, { "events": [ { "introduced": "faad2" }, { "fixed": "2.2.7.1" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "720f7004d6c4aabee19aad16e7c456ed76a3ebfa" } ], "repo": "https://github.com/knik0/faad2", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "720f7004d6c4aabee19aad16e7c456ed76a3ebfa" } ], "repo": "https://github.com/knik0/faad2", "type": "GIT" } ] } ], "details": "Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.", "id": "CVE-2021-26567", "modified": "2026-03-13T21:49:29.545169899Z", "published": "2021-02-26T22:15:20.707Z", "references": [ { "type": "ADVISORY", "url": "https://www.synology.com/security/advisory/Synology_SA_20_26" }, { "type": "FIX", "url": "https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }