PT-2018-17984 · Underbit+4 · Libmad+4

Moritz Muehlenhoff · Published 2018-02-20 · Updated 2020-04-28 · CVE-2018-7263

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libmad versions prior to 0.15.1b

Description: The issue is in the mad_decoder_run() function in decoder.c, which allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted file. This could result in a SIGABRT due to double free or corruption.

Recommendations: For versions prior to 0.15.1b, consider disabling the mad_decoder_run() function as a temporary workaround until a patch is available. Restrict access to crafted files to minimize the risk of exploitation.

Fix

DoS

Double Free


Weakness Enumeration

Related Identifiers

ALSA-2020:1631
CESA-2020_1631
CVE-2018-7263
MGASA-2019-0078
RHSA-2020:1631
RHSA-2020_1631
RLSA-2020:1631

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Libmad