Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                            Hugo Lefeuvre
September 15, 2019                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : faad2
CVE ID         : CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2018-20194 
                 CVE-2018-20195 CVE-2018-20197 CVE-2018-20198 CVE-2018-20357 
                 CVE-2018-20358 CVE-2018-20359 CVE-2018-20361 CVE-2018-20362 
                 CVE-2019-15296
Debian Bug     : 914641

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced
Audio Coder. These vulnerabilities might allow remote attackers to cause
denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC
files are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.0~cvs20161113-1+deb9u2.

We recommend that you upgrade your faad2 packages.

For the detailed security status of faad2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/faad2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.