PT-2018-3071 · Freeware+1 · Faad2+1

Fantasy7082

Published: 2018-11-23

Updated: 2023-04-05

CVE-2018-20198

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8
Description: A NULL pointer dereference was discovered in the ifilter_bank function of libfaad/filtbank.c. Adding to the windowed output is mishandled in the LONG_START_SEQUENCE case, which causes a segmentation fault and application crash, resulting in denial of service.
Recommendations: For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider applying a patch or fix that addresses the NULL pointer dereference in the ifilter_bank function to prevent denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1316
ALT-PU-2021-1341
ALT-PU-2023-1579
BDU:2019-03602
CVE-2018-20198
DLA-1791-1
DSA-4522-1

Affected Products

Alt Linux
Faad2