Source: faad2
Version: 2.8.8-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/faac/bugs/240/

Hi,

The following vulnerabilities were published for faad2.

CVE-2018-19502[0]:
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2)
| 2.8.1. There was a heap-based buffer overflow in the function
| excluded_channels() in libfaad/syntax.c.

CVE-2018-19503[1]:
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2)
| 2.8.1. There was a stack-based buffer overflow in the function
| calculate_gain() in libfaad/sbr_hfadj.c.

CVE-2018-19504[2]:
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2)
| 2.8.1. There is a NULL pointer dereference in ifilter_bank() in
| libfaad/filtbank.c.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-19502
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502
[1] https://security-tracker.debian.org/tracker/CVE-2018-19503
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503
[2] https://security-tracker.debian.org/tracker/CVE-2018-19504
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
