CVE-2018-20360
Debian Security Advisory 5109-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Se ha descubierto una desreferencia de dirección de memoria inválida en la función sbr_process_channel de libfaad/sbr_dec.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Esta vulnerabilidad causa un error de segmentación y el cierre inesperado de la aplicación, lo que da lugar a una denegación de servicio.
Multiple vulnerabilities have been discovered in the freeware Advanced Audio Decoder, which may result in denial of service or potentially the execution of arbitrary code if malformed media files are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-22 CVE Reserved
- 2018-12-22 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-04-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html | Mailing List |
|
https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://github.com/knik0/faad2/issues/32 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202006-17 | 2022-04-22 | |
https://www.debian.org/security/2022/dsa-5109 | 2022-04-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Audiocoding Search vendor "Audiocoding" | Freeware Advanced Audio Decoder 2 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" | < 2.9.0 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" and version " < 2.9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|