- Vulnerability/
- USN-6313-1
USN-6313-1: FAAD2 vulnerabilities
First published: Tue Aug 29 2023(Updated: )
It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277, CVE-2021-32278, CVE-2023-38857, CVE-2023-38858) It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32276)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/faad | <2.9.1-1ubuntu0.1 | 2.9.1-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/libfaad-dev | <2.9.1-1ubuntu0.1 | 2.9.1-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/libfaad2 | <2.9.1-1ubuntu0.1 | 2.9.1-1ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/faad | <2.8.8-1ubuntu0.1~esm1 | 2.8.8-1ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/libfaad-dev | <2.8.8-1ubuntu0.1~esm1 | 2.8.8-1ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/libfaad2 | <2.8.8-1ubuntu0.1~esm1 | 2.8.8-1ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/faad | <2.8.0~cvs20150510-1ubuntu0.1+esm1 | 2.8.0~cvs20150510-1ubuntu0.1+esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/libfaad-dev | <2.8.0~cvs20150510-1ubuntu0.1+esm1 | 2.8.0~cvs20150510-1ubuntu0.1+esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/libfaad2 | <2.8.0~cvs20150510-1ubuntu0.1+esm1 | 2.8.0~cvs20150510-1ubuntu0.1+esm1 |
| =16.04 | ||
| All of | ||
| ubuntu/faad | <2.7-8+deb8u3ubuntu0.1~esm1 | 2.7-8+deb8u3ubuntu0.1~esm1 |
| =14.04 | ||
| All of | ||
| ubuntu/libfaad-dev | <2.7-8+deb8u3ubuntu0.1~esm1 | 2.7-8+deb8u3ubuntu0.1~esm1 |
| =14.04 | ||
| All of | ||
| ubuntu/libfaad2 | <2.7-8+deb8u3ubuntu0.1~esm1 | 2.7-8+deb8u3ubuntu0.1~esm1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-32276
- https://ubuntu.com/security/CVE-2021-32278
- https://ubuntu.com/security/CVE-2023-38857
- https://ubuntu.com/security/CVE-2021-32273
- https://ubuntu.com/security/CVE-2021-32274
- https://ubuntu.com/security/CVE-2021-32277
- https://ubuntu.com/security/CVE-2023-38858
- https://ubuntu.com/security/CVE-2021-32272
- https://launchpad.net/ubuntu/+source/faad2/2.9.1-1ubuntu0.1
- https://ubuntu.com/security/notices/USN-6313-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-6313-1?
The severity of USN-6313-1 is high.
How does FAAD2 handle certain inputs?
FAAD2 incorrectly handles certain inputs, which can lead to the execution of arbitrary code.
How can a remote attacker exploit the FAAD2 vulnerabilities?
A remote attacker can exploit the FAAD2 vulnerabilities by tricking a user or system into opening a specially crafted input file.
What is the recommended remedy for the FAAD2 vulnerabilities?
The recommended remedy for the FAAD2 vulnerabilities is to update to version 2.9.1-1ubuntu0.1 (for Ubuntu 20.04), 2.8.8-1ubuntu0.1~esm1 (for Ubuntu 18.04), 2.8.0~cvs20150510-1ubuntu0.1+esm1 (for Ubuntu 16.04), or 2.7-8+deb8u3ubuntu0.1~esm1 (for Ubuntu 14.04).
Where can I find more information about the FAAD2 vulnerabilities?
More information about the FAAD2 vulnerabilities can be found on the Ubuntu Security Notices website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04