Vulnerability CVE-2018-20362: Information

Description

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-20362
Published: Dec. 22, 2018
Modified: June 15, 2020
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
faadp102.10.1-alt12.11.1-alt1ALT-PU-2023-1579-2317731Fixed
faadp92.10.0-alt12.10.0-alt1ALT-PU-2021-1316-2266028Fixed
faadc10f12.10.1-alt12.11.1-alt1ALT-PU-2023-1579-2317731Fixed
faadc9f22.10.0-alt12.10.0-alt1ALT-PU-2021-1341-2266029Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/knik0/faad2/issues/26
  • Exploit
  • Third Party Advisory
[debian-lts-announce] 20190519 [SECURITY] [DLA 1791-1] faad2 security update
    DSA-4522
      20190916 [SECURITY] [DSA 4522-1] faad2 security update
        GLSA-202006-17

            1. Configuration 1

              cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.1
          Back to top