Fantasy7082

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to a stack-based buffer overflow in the calculate gain function within the libfaad/sbr hfadj.c component of the Freeware Advanced Audio Decoder 2 (FAAD2). This overflow occurs due to the mishandling of the S M array. A crafted input can lead to a denial of service or potentially other unspecified impacts. Additionally, the vulnerability can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider applying a patch or update that fixes the calculate gain function in libfaad/sbr hfadj.c to prevent the stack-based buffer overflow. As a temporary workaround, restrict the use of the calculate gain function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to the incorrect handling of a new PS channel in the sbr process channel function of the libfaad/sbr dec.c component of the FAAD2 audio decoder. This allows a remote attacker to cause a denial of service. The vulnerability causes a segmentation fault and application crash. **Recommendations** For version 2.8.8, consider disabling the sbr process channel function as a temporary workaround until a patch is available. Restrict access to the libfaad/sbr dec.c component to minimize the risk of exploitation. Avoid using the affected audio decoder until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to a NULL pointer dereference in the `ifilter bank` function of the `libfaad/filtbank.c` component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder. This can be exploited by a remote attacker to cause a denial of service, resulting in an application crash due to a segmentation fault. The crash occurs because adding to windowed output is mishandled in the ONLY LONG SEQUENCE case. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `ifilter bank` function as a temporary workaround until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** A NULL pointer dereference was discovered in the ifilter bank function of libfaad/filtbank.c. This issue causes a segmentation fault and application crash due to mishandling of adding to windowed output in the EIGHT SHORT SEQUENCE case. The vulnerability can be exploited by a remote attacker to cause a denial of service when processing the EIGHT SHORT SEQUENCE case. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the ifilter bank function in libfaad/filtbank.c as a temporary workaround to prevent exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A denial of service issue was found due to an invalid memory address dereference in the `huffcode` function, located in `libfaac/huff2.c`. This issue leads to a segmentation fault and application crash, specifically in the book 4 case. **Recommendations** For FAAC version 1.29.9.2, consider applying a patch or fix to resolve the issue in the `huffcode` function to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A memory address dereference issue was found in the `huffcode` function, located in `libfaac/huff2.c`, which can cause a segmentation fault and application crash. This results in a denial of service. **Recommendations** For FAAC version 1.29.9.2, consider applying a patch or fix to the `huffcode` function to prevent the memory address dereference issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A denial of service issue was found due to an invalid memory address dereference in the `huffcode` function, located in `libfaac/huff2.c`. This issue leads to a segmentation fault and application crash. **Recommendations** For FAAC version 1.29.9.2, consider applying a patch or fix to the `huffcode` function in `libfaac/huff2.c` to prevent the invalid memory address dereference and subsequent denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A memory address dereference issue was found in the huffcode function, located in libfaac/huff2.c, which can cause a segmentation fault and application crash. This leads to a denial of service, specifically in the HCB ESC case. **Recommendations** For FAAC version 1.29.9.2, consider applying a patch or fix to resolve the issue in the huffcode function. As a temporary workaround, restrict the use of the huffcode function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A memory address dereference issue was found in the huffcode function, located in libfaac/huff2.c, which can cause a segmentation fault and application crash. This results in a denial of service, specifically in the book 8 case. **Recommendations** For FAAC version 1.29.9.2, consider restricting access to the huffcode function in libfaac/huff2.c to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FAAC version 1.29.9.2 **Description** A denial of service issue was found due to an invalid memory address dereference in the `huffcode` function, located in `libfaac/huff2.c`. This issue leads to a segmentation fault and application crash in the book 2 case. **Recommendations** For FAAC version 1.29.9.2, consider applying a patch or fix to resolve the issue with the `huffcode` function to prevent denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to an invalid memory address dereference in the `hf assembly` function, which can cause a segmentation fault and application crash, leading to denial of service. This is due to a buffer overflow error, allowing an attacker to potentially cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `hf assembly` function as a temporary workaround until a patch is available. Restrict access to the affected audio decoder module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** A NULL pointer dereference was discovered in the `sbr process channel` function of the libfaad/sbr dec.c module. This issue causes a segmentation fault and application crash, potentially allowing an attacker to cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `sbr process channel` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to an invalid memory address dereference in the `lt prediction` function, which can cause a segmentation fault and application crash, leading to denial of service. This is due to a buffer overflow error, allowing an attacker to potentially cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `lt prediction` function as a temporary workaround until a patch is available. Restrict access to the affected `lt predict.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to a stack-based buffer underflow in the `calculate gain` function. A crafted input can lead to a denial of service or possibly other impacts due to the mishandling of the additional noise energy level for the G max > G case. This can potentially allow a remote attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `calculate gain` function as a temporary workaround until a patch is available. Restrict access to the affected `libfaad/sbr hfadj.c` module to minimize the risk of exploitation. Avoid using crafted inputs that could trigger the buffer underflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to a stack-based buffer underflow in the calculate gain function, specifically in the third instance of this function in libfaad/sbr hfadj.c. This underflow occurs due to the mishandling of the additional noise energy level when G max is less than or equal to G. A crafted input can lead to a denial of service or possibly other unspecified impacts. The vulnerability may allow an attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, as a temporary workaround, consider disabling the `calculate gain` function until a patch is available. Restrict access to the libfaad/sbr hfadj.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** A NULL pointer dereference was discovered in the `ifilter bank` function of `libfaad/filtbank.c`, which causes a segmentation fault and application crash. This leads to denial of service due to mishandling of adding to windowed output in the `LONG START SEQUENCE` case. The vulnerability can be exploited to cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider applying a patch or fix that addresses the NULL pointer dereference issue in the `ifilter bank` function to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** The issue is related to an invalid memory address dereference in the `sbrDecodeSingleFramePS` function, which can cause a segmentation fault and application crash, leading to denial of service. This is due to a buffer overflow error, allowing an attacker to potentially cause a denial of service. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the `sbrDecodeSingleFramePS` function as a temporary workaround until a patch is available. Restrict access to the `sbr dec.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8 **Description** A NULL pointer dereference was discovered in the `ic predict` function of `libfaad/ic predict.c`, which can cause a segmentation fault and application crash, leading to denial of service. The issue is related to the exploitation of this NULL pointer dereference, allowing an attacker to cause a service disruption. **Recommendations** For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, as a temporary workaround, consider disabling the `ic predict` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to an invalid memory address dereference in the `decompileGETVARIABLE` function, which causes a segmentation fault and application crash. This results in a denial of service. **Recommendations** For libming version 0.4.8, update to a version released after 2018-03-12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to an invalid memory address dereference in the `decompileSingleArgBuiltInFunctionCall` function. This causes a segmentation fault, leading to an application crash and resulting in a denial of service. **Recommendations** For libming version 0.4.8, update to a version released after 2018-03-12 to resolve the issue.