Vulnerability CVE-2018-17825: Information

Description

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5)
Vector: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-17825
Published: Oct. 1, 2018
Modified: Nov. 21, 2024
Error type identifier: CWE-415

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libadplugsisyphus2.2.1-alt32.3.3-alt1.git104.g66b19f6ALT-PU-2019-2765-1237968Fixed
libadplugp112.2.1-alt32.3.3-alt1.git104.g66b19f6ALT-PU-2019-2765-1237968Fixed
libadplugp102.2.1-alt32.2.1-alt3ALT-PU-2019-2765-1237968Fixed
libadplugp92.2.1-alt32.2.1-alt3ALT-PU-2019-2774-1238027Fixed
libadplugc10f22.2.1-alt32.2.1-alt3ALT-PU-2019-2765-1237968Fixed
libadplugc9f22.2.1-alt32.2.1-alt3ALT-PU-2019-2774-1238027Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/adplug/adplug/issues/67
  • Exploit
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/
        1. cpe:2.3:a:adplug_project:adplug:2.3.1:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
      Version: v26.2.2
      Back to top