Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362
Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder:
Improper handling of implicit channel mapping reconfiguration leads to multiple heap based buffer overflow issues. These flaws might be leveraged by remote attackers to cause DoS.
Insufficient user input validation in the sbr_hfadj module leads to stack-based buffer underflow issues. These flaws might be leveraged by remote attackers to cause DoS or any other unspecified impact.
For Debian 8 "Jessie", these problems have been fixed in version 2.7-8+deb8u2.
We recommend that you upgrade your faad2 packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS