Candidate: CVE-2017-9130
PublicDate: 2017-06-21 07:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9130
 https://www.exploit-db.com/exploits/42207/
Description:
 The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio
 Coder (FAAC) 1.28 allows remote attackers to cause a denial of service
 (invalid memory read and application crash) via a crafted wav file.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_faac:
upstream_faac: released (1.29+git20170704-1)
precise/esm_faac: DNE
trusty_faac: ignored (reached end-of-life)
trusty/esm_faac: DNE (trusty was needed)
vivid/ubuntu-core_faac: DNE
xenial_faac: ignored (end of standard support, was needed)
yakkety_faac: ignored (reached end-of-life)
zesty_faac: ignored (reached end-of-life)
artful_faac: ignored (reached end-of-life)
bionic_faac: not-affected (1.29.7.7-1)
cosmic_faac: not-affected (1.29.7.7-1)
disco_faac: not-affected (1.29.7.7-1)
eoan_faac: not-affected (1.29.7.7-1)
focal_faac: not-affected (1.29.7.7-1)
groovy_faac: not-affected (1.29.7.7-1)
hirsute_faac: not-affected (1.29.7.7-1)
impish_faac: not-affected (1.29.7.7-1)
jammy_faac: not-affected (1.29.7.7-1)
devel_faac: not-affected (1.29.7.7-1)