Debian Faad2 vulnerabilities

CVE-2018-20360 [MEDIUM] CVE-2018-20360: faad2 - An invalid memory address dereference was discovered in the sbr_process_channel ... An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Scope: local bookworm: resolved (fixed in 2.8.8-3.1) bullseye: resolved (fixed in 2.8.8-3.1) forky: res

CVE-2018-20199 [MEDIUM] CVE-2018-20199: faad2 - A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c ... A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. Scope: local bookworm: resolved (fixed in 2.8.8-3.1) b

CVE-2018-20361 [MEDIUM] CVE-2018-20361: faad2 - An invalid memory address dereference was discovered in the hf_assembly function... An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Scope: local bookworm: resolved (fixed in 2.8.8-2) bullseye: resolved (fixed in 2.8.8-2) forky: resolved (fix

CVE-2018-20358 [MEDIUM] CVE-2018-20358: faad2 - An invalid memory address dereference was discovered in the lt_prediction functi... An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Scope: local bookworm: resolved (fixed in 2.8.8-2) bullseye: resolved (fixed in 2.8.8-2) forky: resolved (

CVE-2018-19504 [HIGH] CVE-2018-19504: faad2 - An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. Ther... An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. Scope: local bookworm: resolved (fixed in 2.8.8-2) bullseye: resolved (fixed in 2.8.8-2) forky: resolved (fixed in 2.8.8-2) sid: resolved (fixed in 2.8.8-2) trixie: resolved (fixed in 2.8.8-2)

CVE-2017-9219 [MEDIUM] CVE-2017-9219: faad2 - The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fi

CVE-2017-9253 [MEDIUM] CVE-2017-9253: faad2 - The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1)

CVE-2017-9222 [MEDIUM] CVE-2017-9222: faad2 - The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audi... The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1

CVE-2017-9218 [MEDIUM] CVE-2017-9218: faad2 - The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed

CVE-2017-9220 [MEDIUM] CVE-2017-9220: faad2 - The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1) trixie

CVE-2017-9223 [MEDIUM] CVE-2017-9223: faad2 - The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed

CVE-2017-9257 [MEDIUM] CVE-2017-9257: faad2 - The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1)

CVE-2017-9255 [MEDIUM] CVE-2017-9255: faad2 - The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1)

CVE-2017-9254 [MEDIUM] CVE-2017-9254: faad2 - The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1)

CVE-2017-9221 [MEDIUM] CVE-2017-9221: faad2 - The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed

CVE-2017-9256 [MEDIUM] CVE-2017-9256: faad2 - The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audi... The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. Scope: local bookworm: resolved (fixed in 2.8.1-1) bullseye: resolved (fixed in 2.8.1-1) forky: resolved (fixed in 2.8.1-1) sid: resolved (fixed in 2.8.1-1)

CVE-2008-4201 [CRITICAL] CVE-2008-4201: faad2 - Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FA... Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. Scope: local bookworm: resolved (fixed in 2.6.1-3.1) bullseye: resolved (fixed in 2.6.1-3.1) forky: resolved (fixed in 2.6.1-3.1) sid: r

CVE-2008-5244 [CRITICAL] CVE-2008-5244: faad2 - Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attac... Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. Scope: local bookworm: resolved (fixed in 2.6.1-1) bullseye: resolved (fixed in 2.6.1-1) forky: resolved (fixed in 2.6.1-1) sid: resolved (fixed in 2.6.1-1)