An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution.
https://www.debian.org/security/2022/dsa-5109
https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html