UbuntuUpdates.org

Package "faad"

Name: faad

Description:

freeware Advanced Audio Decoder player
Latest version: 2.9.1-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: faad2
Homepage: https://github.com/knik0/faad2

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "faad"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "faad" in Focal

Repository Area Version
base universe 2.9.1-1
updates universe 2.9.1-1ubuntu0.1

Changelog

Version: 2.9.1-1ubuntu0.1 2023-08-29 11:07:35 UTC

  faad2 (2.9.1-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2021-32272.patch: fixed a buffer overflow in stszin
      function.
    - debian/patches/CVE-2021-32273.patch: fixed a buffer overflow in ftypin
      function.
    - debian/patches/CVE-2021-32274.patch: fixed two buffer overflows, one in
      sbr_qmf_synthesis_64 function (CVE-2021-32274) and the other one in
      sbr_qmf_analysis_32 function (CVE-2021-32277).
    - debian/patches/CVE-2021-32278.patch: fixed a buffer overflow in
      lt_prediction function.
    - debian/patches/CVE-2023-38857-[1-2].patch: fixed a buffer overflow in
      stcoin function.
    - debian/patches/CVE-2023-38858.patch: fixed a buffer overflow in mp4info
      function
    - CVE-2021-32272
    - CVE-2021-32273
    - CVE-2021-32274
    - CVE-2021-32277
    - CVE-2021-32278
    - CVE-2023-38857
    - CVE-2023-38858
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-32276.patch: fixed a null pointer dereference in
      get_sample function.
    - CVE-2021-32276

 -- Amir Naseredini <email address hidden> Tue, 22 Aug 2023 14:07:04 +0100
CVE-2021-32272 An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to c
CVE-2021-32273 An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to
CVE-2021-32274 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows a
CVE-2021-32277 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an
CVE-2021-32278 An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an at
CVE-2023-38857 Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin functi
CVE-2023-38858 Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info funct
CVE-2021-32276 An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an att


About   -   Send Feedback to @ubuntu_updates