CVE-2018-20360

Published: 12/22/2018 Last updated: 8/5/2024 Reserved: 12/22/2018

An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-faad faad

Products affected (1)

Product	Vendor	Version
n/a	n/a	All versions prior to and including 14.2, 13.4, and 11.9, and all versions prior to the November 2022 release

References (10)

https://github.com/knik0/faad2/issues/32
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html
https://security.gentoo.org/glsa/202006-17
https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html
https://www.debian.org/security/2022/dsa-5109
https://github.com/knik0/faad2/issues/32
https://lists.debian.org/debian-lts-announce/2019/08/msg00033.html
https://security.gentoo.org/glsa/202006-17
https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html
https://www.debian.org/security/2022/dsa-5109