CVE-2018-20362
Debian Security Advisory 4522-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.
Se ha descubierto una desreferencia de puntero NULL en ifilter_bank de libfaad/filtbank.c en Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Esta vulnerabilidad causa un error de segmentación y el cierre inesperado de la aplicación debido a que la adición en la salida con ventana se gestiona de manera incorrecta en el caso EIGHT_SHORT_SEQUENCE.
Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-22 CVE Reserved
- 2018-12-22 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/05/msg00022.html | Mailing List |
|
https://seclists.org/bugtraq/2019/Sep/28 | Mailing List |
|
URL | Date | SRC |
---|---|---|
https://github.com/knik0/faad2/issues/26 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202006-17 | 2020-06-15 | |
https://www.debian.org/security/2019/dsa-4522 | 2020-06-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Audiocoding Search vendor "Audiocoding" | Freeware Advanced Audio Decoder 2 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" | 2.8.8 Search vendor "Audiocoding" for product "Freeware Advanced Audio Decoder 2" and version "2.8.8" | - |
Affected
|