Debian Security Advisory
DSA-4522-1 faad2 -- security update
- Date Reported:
- 15 Sep 2019
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 914641.
In Mitre's CVE dictionary: CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194, CVE-2018-20195, CVE-2018-20197, CVE-2018-20198, CVE-2018-20357, CVE-2018-20358, CVE-2018-20359, CVE-2018-20361, CVE-2018-20362, CVE-2019-15296.
- More information:
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
For the oldstable distribution (stretch), these problems have been fixed in version 2.8.0~cvs20161113-1+deb9u2.
We recommend that you upgrade your faad2 packages.
For the detailed security status of faad2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/faad2