Univention Bugzilla – Bug 50194
faad2: Multiple issues (4.4)
Last modified: 2019-09-18 13:23:30 CEST
New Debian faad2 2.8.0~cvs20161113-1+deb9u2 fixes:

This update addresses the following issues:

* An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. (CVE-2018-19502)
* An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. (CVE-2018-19503)
* An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. (CVE-2018-19504)
* There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case. (CVE-2018-20194)
* A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-20195)
* There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case. (CVE-2018-20197)
* A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case. (CVE-2018-20198)
* A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. (CVE-2018-20357)
* An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-20358)
* An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-20359)
* An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-20361)
* A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. (CVE-2018-20362)
* An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left). (CVE-2019-15296)
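The arithmetic described for CVE-2019-15296, as an added example that is not FAAD2's source, the Debian patch, or part of the original comment: it shows how `buffer_size - words*4` wraps when taken as an unsigned 32-bit value, next to a checked form. The `reader` struct, the function names and the 8-byte buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a bit-reader state; not FAAD2's own struct. */
typedef struct {
    const uint8_t *start;  /* input buffer */
    uint32_t buffer_size;  /* bytes available in start[] */
} reader;

/* Pattern from the CVE text: the difference is taken in unsigned 32-bit
   arithmetic, so a position past the end wraps to a huge byte count. */
static uint32_t bytes_left_unchecked(const reader *ld, uint32_t words)
{
    return (uint32_t)(ld->buffer_size - words * 4);
}

/* Hardened form: compare in 64 bits before subtracting. 0 = ok, -1 = reject. */
static int bytes_left_checked(const reader *ld, uint32_t words, uint32_t *left)
{
    uint64_t consumed = (uint64_t)words * 4;  /* cannot wrap in 64 bits */
    if (consumed > ld->buffer_size)
        return -1;
    *left = ld->buffer_size - (uint32_t)consumed;
    return 0;
}

/* Read up to 4 bytes big-endian at start[words*4], never past the buffer. */
static int read_dword_at(const reader *ld, uint32_t words, uint32_t *out)
{
    uint32_t left, i, n, v = 0;
    if (bytes_left_checked(ld, words, &left) != 0)
        return -1;
    n = left < 4 ? left : 4;
    for (i = 0; i < n; i++)
        v |= (uint32_t)ld->start[words * 4 + i] << (24 - 8 * i);
    *out = v;
    return 0;
}

int main(void)
{
    static const uint8_t buf[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
    reader r = { buf, sizeof buf };
    uint32_t v = 0;
    printf("unchecked, words=3: %u bytes left\n", (unsigned)bytes_left_unchecked(&r, 3));
    printf("checked read, words=3: %d\n", read_dword_at(&r, 3, &v));
    return 0;
}
```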
--- mirror/ftp/4.3/unmaintained/4.3-2/source/faad2_2.8.0~cvs20161113-1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/faad2_2.8.0~cvs20161113-1+deb9u2.dsc @@ -1,3 +1,16 @@ +2.8.0~cvs20161113-1+deb9u2 [Fri, 06 Sep 2019 18:52:19 +0200] Hugo Lefeuvre <hle@debian.org>: + + * Non-maintainer upload by the Security Team. + * CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194, + CVE-2018-19503, CVE-2018-20361: multiple memory corruption vulnerabilities + caused by insufficiently sanitized frequency band borders. + * CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, + CVE-2018-20198: multiple memory corruption vulnerabilities caused by syntax + element inconsistencies (implicit channel mapping reconfiguration). + * CVE-2019-15296: buffer overflow in faad_resetbits. + * CVE-2018-19502: heap based buffer overfow in excluded_channels + (libfaad/syntax.c) (Closes: #914641). + 2.8.0~cvs20161113-1+deb9u1 [Tue, 01 May 2018 17:49:02 +0200] Markus Koschany <apo@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.4-1/#9181365568213151111>
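Review bot: the added changelog entry for CVE-2018-19502 misspells "overflow" as "overfow" ("heap based buffer overfow in excluded_channels"), which hides the entry from a text search for "overflow"; since the entry comes from the Debian upload, the spelling is best corrected there. That entry is also the only added one with a bug reference (Closes: #914641); the three other entries list CVE ids without a bug or patch reference, so a per-entry reference would make each fix traceable from the changelog alone.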
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 54ed6a4ac7 Bug #50194: faad2 2.8.0~cvs20161113-1+deb9u2
 doc/errata/staging/faad2.yaml | 72 +++++++++++++++++++------------------------
 1 file changed, 32 insertions(+), 40 deletions(-)

[4.4-1] e9fbfcc7be Bug #50194: faad2 2.8.0~cvs20161113-1+deb9u2
 doc/errata/staging/faad2.yaml | 79 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
<http://errata.software-univention.de/ucs/4.4/274.html>