Unrated severityOSV Advisory· Published Dec 18, 2018· Updated Aug 5, 2024

CVE-2018-20199

Description

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case.

Affected products

GitHub/knik0/Faad2OSV
Range: 2_8_0, 2_8_1, 2_8_2, …
osv-coords
pkg:rpm/opensuse/faad2&distro=openSUSE%20Tumbleweed
Range: < 2.11.2-2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202006-17mitrevendor-advisoryx_refsource_GENTOO
www.debian.org/security/2022/dsa-5109mitrevendor-advisoryx_refsource_DEBIAN
github.com/knik0/faad2/issues/24mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/08/msg00033.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2021/10/msg00020.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000