CVE-2018-20194

Name of the Vulnerable Software and Affected Versions Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description The issue is related to a stack-based buffer underflow in the calculate gain function, specifically in the third instance of this function in libfaad/sbr hfadj.c. This underflow occurs due to the mishandling of the additional noise energy level when G max is less than or equal to G. A crafted input can lead to a denial of service or possibly other unspecified impacts. The vulnerability may allow an attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service.

Recommendations For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, as a temporary workaround, consider disabling the calculate gain function until a patch is available. Restrict access to the libfaad/sbr hfadj.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.