CVE-2018-7263

Name
CVE-2018-7263
Description
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1081784
Mailing List https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:underbit:libmad:*:*:*:*:*:*:*:* libmad >= None <= 0.15.1b

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libmad edge-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.14-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.11-main 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.15-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.16-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.17-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.18-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.19-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.20-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
libmad 3.21-community 0.15.1b-r9 Natanael Copa <ncopa@alpinelinux.org> fixed