CVE-2018-20198

Name of the Vulnerable Software and Affected Versions Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description A NULL pointer dereference was discovered in the ifilter bank function of libfaad/filtbank.c, which causes a segmentation fault and application crash. This leads to denial of service due to mishandling of adding to windowed output in the LONG START SEQUENCE case. The vulnerability can be exploited to cause a denial of service.

Recommendations For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider applying a patch or fix that addresses the NULL pointer dereference issue in the ifilter bank function to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.