PT-2018-15140 · Freeware Advanced Audio Coder · Faac
Fantasy7082 · Published 2018-12-06 · Updated 2018-12-28
CVE-2018-19888
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FAAC version 1.29.9.2
Description
A memory address dereference issue was found in the huffcode function, located in libfaac/huff2.c, specifically in the HCB ESC case. It can cause a segmentation fault and application crash, resulting in a denial of service.
Recommendations
For FAAC version 1.29.9.2, consider applying a patch or fix to resolve the issue in the huffcode function. As a temporary workaround, restrict the use of the huffcode function to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
Faac