Univention Bugzilla – Bug 47505
faad2: Multiple issues (4.3)
Last modified: 2018-08-15 13:14:49 CEST
New Debian faad2 2.8.0~cvs20161113-1+deb9u1 fixes:

This update addresses the following issue(s):

* The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. (CVE-2017-9218)
* The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. (CVE-2017-9219)
* The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. (CVE-2017-9220)
* The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. (CVE-2017-9221)
* The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9222)
* The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. (CVE-2017-9223)
* The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9253)
* The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9254)
* The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9255)
* The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9256)
* The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. (CVE-2017-9257)

2.8.0~cvs20161113-1+deb9u1 (Tue, 01 May 2018 17:49:02 +0200)

* Non-maintainer upload.
* Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221, CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255, CVE-2017-9256, CVE-2017-9257. Various issues were discovered in faad2, a fast audio decoder, that could cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
--- mirror/ftp/4.3/unmaintained/4.3-0/source/faad2_2.8.0~cvs20161113-1.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/faad2_2.8.0~cvs20161113-1+deb9u1.dsc @@ -1,3 +1,13 @@ +2.8.0~cvs20161113-1+deb9u1 [Tue, 01 May 2018 17:49:02 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221, + CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255, + CVE-2017-9256, CVE-2017-9257. + Various issues were discovered in faad2, a fast audio decoder, that could + cause a denial of service (large loop and CPU consumption) via a crafted + mp4 file. (Closes: #889915) + 2.8.0~cvs20161113-1 [Sun, 13 Nov 2016 17:45:15 +0100] Fabian Greffrath <fabian@debian.org>: * New upstream CVS snapshot. <http://10.200.17.11/4.3-1/#9181365568216398686>
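Review bot: The summary sentence in the added changelog entry ("cause a denial of service (large loop and CPU consumption)") names only one impact, while the CVE descriptions in this bug also list invalid memory reads, memory allocation errors and an infinite loop for CVE-2017-9218 through CVE-2017-9223. Suggest wording the summary so it covers all listed impacts, or keeping the per-CVE impact in the errata text so the entry is not read as CPU exhaustion only. The entry also does not say which patch addresses which CVE; naming them would make it easier to check the fixes against common/mp4ff/mp4atom.c and common/mp4ff/mp4meta.c.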
OK: patches
OK: piuparts
OK: yaml
OK: errata-announce faad2.yaml

[4.3-1] 97ac613bed Bug #47505: faad2 2.8.0~cvs20161113-1+deb9u1
 doc/errata/staging/faad2.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
<http://errata.software-univention.de/ucs/4.3/176.html>