CVE-2018-20196
Debian Security Advisory 5109-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
Hay un desbordamiento de búfer basado en pila en la tercera instancia de la función calculate_gain en libfaad/sbr_hfadj.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Se podría realizar un ataque de denegación de servicio u otro tipo de impacto sin especificar debido a que el array S_M se gestiona de manera incorrecta.
Multiple vulnerabilities have been discovered in the freeware Advanced Audio Decoder, which may result in denial of service or potentially the execution of arbitrary code if malformed media files are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-17 CVE Reserved
- 2018-12-18 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://github.com/knik0/faad2/issues/19 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202006-17 | 2022-04-22 | |
https://www.debian.org/security/2022/dsa-5109 | 2022-04-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Audiocoding Search vendor "Audiocoding" | Freeware Advanced Audio Decoder 2 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" | 2.8.8 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" and version "2.8.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|