CVE-2018-20361

CVE-2018-20361

Name

CVE-2018-20361

Description

An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/knik0/faad2/issues/30
DEBIAN	https://www.debian.org/security/2019/dsa-4522
BUGTRAQ	https://seclists.org/bugtraq/2019/Sep/28
GENTOO	https://security.gentoo.org/glsa/202006-17

Type

URI

Exploit

https://github.com/knik0/faad2/issues/30

DEBIAN

https://www.debian.org/security/2019/dsa-4522

BUGTRAQ

https://seclists.org/bugtraq/2019/Sep/28

GENTOO

https://security.gentoo.org/glsa/202006-17

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:::::::*`	freeware_advanced_audio_decoder_2	== None	== 2.8.8

CPE URI

Source package

Min version

Max version

cpe:2.3:a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8:*:*:*:*:*:*:*

freeware_advanced_audio_decoder_2

== None

== 2.8.8

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
faad2	edge-community	2.9.0-r0	None	fixed
faad2	3.22-community	2.9.0-r0	None	fixed
faad2	3.21-community	2.9.0-r0	None	fixed
faad2	3.20-community	2.9.0-r0	None	fixed
faad2	3.19-community	2.9.0-r0	None	fixed
faad2	3.18-community	2.9.0-r0	None	fixed
faad2	3.17-community	2.9.0-r0	None	fixed
faad2	3.11-main	2.9.0-r0	None	fixed
faad2	3.10-main	2.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

faad2

edge-community

2.9.0-r0

None

fixed

faad2

3.22-community