Debian Security Advisory

DSA-4522-1 faad2 -- security update

Date Reported:
15 Sep 2019
Affected Packages:
faad2
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 914641.
In Mitre's CVE dictionary: CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194, CVE-2018-20195, CVE-2018-20197, CVE-2018-20198, CVE-2018-20357, CVE-2018-20358, CVE-2018-20359, CVE-2018-20361, CVE-2018-20362, CVE-2019-15296.
More information:

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

For the oldstable distribution (stretch), these problems have been fixed in version 2.8.0~cvs20161113-1+deb9u2.

We recommend that you upgrade your faad2 packages.

For the detailed security status of faad2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/faad2