Source: faac
Version: 1.28+cvs20151130-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for faac.

CVE-2017-9129[0]:
| The wav_open_read function in frontend/input.c in Freeware Advanced
| Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of
| service (large loop) via a crafted wav file.

CVE-2017-9130[1]:
| The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio
| Coder (FAAC) 1.28 allows remote attackers to cause a denial of service
| (invalid memory read and application crash) via a crafted wav file.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9129
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9129
[1] https://security-tracker.debian.org/tracker/CVE-2017-9130
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9130
[2] https://www.exploit-db.com/exploits/42207/

Regards,
Salvatore

