CVE-2018-19886

Name
CVE-2018-19886
Description
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/knik0/faac/issues/23

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:audiocoding:freeware_advanced_audio_coder:1.29.9.2:*:*:*:*:*:*:* freeware_advanced_audio_coder == None == 1.29.9.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
faac 3.11-main 1.30-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
faac 3.10-main 1.30-r0 Natanael Copa <ncopa@alpinelinux.org> fixed