CVE-2018-20358

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description The issue is related to an invalid memory address dereference in the lt prediction function, which can cause a segmentation fault and application crash, leading to denial of service. This is due to a buffer overflow error, allowing an attacker to potentially cause a denial of service.

Recommendations For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider disabling the lt prediction function as a temporary workaround until a patch is available. Restrict access to the affected lt predict.c module to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-1316

ALT-PU-2021-1341

ALT-PU-2023-1579

BDU:2019-03604

CVE-2018-20358

DSA-4522-1

OPENSUSE-SU-2025:15214-1

Affected Products

Alt Linux

Faad2

CVE-2018-20358

Weakness Enumeration

Related Identifiers

Affected Products

References · 26