CVE-2018-20196

Name of the Vulnerable Software and Affected Versions Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8

Description The issue is related to a stack-based buffer overflow in the calculate gain function within the libfaad/sbr hfadj.c component of the Freeware Advanced Audio Decoder 2 (FAAD2). This overflow occurs due to the mishandling of the S M array. A crafted input can lead to a denial of service or potentially other unspecified impacts. Additionally, the vulnerability can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Freeware Advanced Audio Decoder 2 (FAAD2) version 2.8.8, consider applying a patch or update that fixes the calculate gain function in libfaad/sbr hfadj.c to prevent the stack-based buffer overflow. As a temporary workaround, restrict the use of the calculate gain function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.