PT-2018-3070 · Audiocoding+1 · Faad2+1

Fantasy7082 · Published 2018-11-23 · Updated 2023-04-05 · CVE-2018-20197

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description

The issue is related to a stack-based buffer underflow in the calculate_gain function. A crafted input can lead to a denial of service or possibly other impacts due to the mishandling of the additional noise energy level for the G_max > G case. This can potentially allow a remote attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service.

Recommendations

For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the calculate_gain function as a temporary workaround until a patch is available. Restrict access to the affected libfaad/sbr_hfadj.c module to minimize the risk of exploitation. Avoid using crafted inputs that could trigger the buffer underflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Memory Corruption

Related Identifiers

ALT-PU-2021-1316
ALT-PU-2021-1341
ALT-PU-2023-1579
BDU:2019-03601
CVE-2018-20197
DLA-1791-1
DSA-4522-1

Affected Products

Alt Linux
Faad2