[SECURITY] [DLA 1899-1] faad2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : faad2
Version : 2.7-8+deb8u3
CVE ID : CVE-2018-19502 CVE-2018-20196 CVE-2018-20199 CVE-2018-20360
CVE-2019-6956 CVE-2019-15296
Debian Bug : 914641
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced
Audio Coder:
CVE-2018-19502
Heap buffer overflow in the function excluded_channels (libfaad/syntax.c).
This vulnerability might allow remote attackers to cause denial of service
via crafted MPEG AAC data.
CVE-2018-20196
Stack buffer overflow in the function calculate_gain (libfaad/br_hfadj.c).
This vulnerability might allow remote attackers to cause denial of service
or any unspecified impact via crafted MPEG AAC data.
CVE-2018-20199
CVE-2018-20360
NULL pointer dereference in the function ifilter_bank (libfaad/filtbank.c).
This vulnerability might allow remote attackers to cause denial of service
via crafted MPEG AAC data.
CVE-2019-6956
Global buffer overflow in the function ps_mix_phase (libfaad/ps_dec.c).
This vulnerability might allow remote attackers to cause denial of service
or any other unspecified impact via crafted MPEG AAC data.
CVE-2019-15296
Buffer overflow in the function faad_resetbits (libfaad/bits.c). This
vulnerability might allow remote attackers to cause denial of service via
crafted MPEG AAC data.
For Debian 8 "Jessie", these problems have been fixed in version
2.7-8+deb8u3.
We recommend that you upgrade your faad2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl1m1gQACgkQEeMFjl5E
GkJaVQv/W48503HIzAfOvNfvM/7715Ap1txzTGjIM+mdPeWPm9FtnZDczkWQRK5S
2YZ+vYS5trLI85byyETZ47PnhOHk6txT8LZsN9oNySYPZgcHA0VIenZIfi75Zx90
f1ZgodovmK0ZfiGedZjy1wveCrn9GwLtCnH7Ob01M0aC4yAVEO+2DP0y8hjGp8Gb
g4aGEbETo5GIHCdWtIQ6azdUdxBMxjQL6Go1VIWueGQstacs1SGC3p26V1h/ZQSZ
ZA8Cwk9wxl+sV6E0W3l59jE8VINW7oLcU3FeGAnMXz6FD8kl4g9D2r+QemqoTNVF
1bhpS75vqDsT1uzMfO8Fc6kXGVgmBMdNVSAVFnPsR4JOifhfNQZt81eikaXN3+x7
ZU/9sMeTov7dggZva/ub7lvc2Iegv99xabeM2l1LAA6ISeuC7j5r4C+6G27EOqOQ
fM4gtrAxCkhfUfF3iPpAa6H+XyL5Y9M+PONfo1j6cWDPYa/Tu5Cxy3Usk2yZYtxV
DV/HSA1S
=y/B2
-----END PGP SIGNATURE-----
Reply to: