15 matches found
CVE-2018-20360
FAAD2 (libfaad) vulnerability CVE-2018-20360 arises from an invalid memory address dereference in sbr_process_channel (libfaad/sbr_dec.c), on FAAD2 2.8.8, causing segmentation fault and denial of service. Connected advisories confirm this issue among multiple FAAD2 CVEs and document patches acros...
CVE-2018-20199
CVE-2018-20199 affects FAAD2 2.8.8 (libfaad/filtbank.c) with a NULL pointer dereference in ifilter_bank, causing segmentation fault and DoS due to mishandling in ONLY_LONG_SEQUENCE. Multiple advisories (Debian DSA-5109/DSA-1899, Debian DLA-2792, Gentoo GLSA-202006-17) document this and urge upgra...
CVE-2018-19502
CVE-2018-19502 affects FAAD2 2.8.1: heap-based overflow in excluded_channels() (libfaad/syntax.c). Exploitation could enable denial of service via crafted MPEG AAC data. Advisory remediation: upgrade FAAD2 to at least 2.9.0 (per GLSA 202006-17) or equivalent Debian/DSA-4522/DLA-1899 guidance; Deb...
CVE-2018-20357
CVE-2018-20357 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8. The vulnerability is a NULL pointer dereference in sbr_process_channel (libfaad/sbr_dec.c) that can cause a segmentation fault and application crash. Mitigation is to upgrade FAAD2 to a newer version; Gentoo GLSA-202006-17 and ...
CVE-2018-20196
CVE-2018-20196 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, with a stack-based buffer overflow in the third instance of calculate_gain (libfaad/sbr_hfadj.c) caused by mishandling the S_M array. The vulnerability could lead to denial of service or other unspecified impact. Public advisor...
CVE-2018-20362
A vulnerability in FAAD2 2.8.8 (libfaad/filtbank.c: ifilter_bank) causes a NULL pointer dereference that leads to a segmentation fault and crash when adding to windowed output in the EIGHT_SHORT_SEQUENCE case. Affected software is FAAD2, with CVE-2018-20362 among multiple issues; remediation is t...
CVE-2018-20197
CVE-2018-20197 refers to a stack-based buffer underflow in FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, in the third instance of calculate_gain within libfaad/sbr_hfadj.c. A crafted input may cause denial of service or unspecified impact due to mishandling of the G_max > G case. Connected so...
CVE-2018-20361
CVE-2018-20361 affects FAAD2 (Freeware Advanced Audio Decoder) 2.8.8, where an invalid memory address dereference in libfaad/sbr_hfadj.c:hf_assembly can trigger a segmentation fault and crash the application, leading to a denial of service. Connected sources confirm this vulnerability in FAAD2 an...
CVE-2018-20194
CVE-2018-20194 affects FAAD2 (FAAD2 2.8.8) via a stack-based buffer underflow in the third instance of calculate_gain() in libfaad/sbr_hfadj.c. A crafted input can cause denial of service or other unspecified impact by mishandling G_max
CVE-2018-20198
CVE-2018-20198 affects FAAD2 (libfaad) 2.8.8 with a NULL pointer dereference in ifilter_bank/filtbank.c, causing a segmentation fault and denial of service when handling LONG_START_SEQUENCE windowed output. Connected advisories confirm multiple FAAD2 vulnerabilities; remediation guidance across s...
CVE-2018-20358
CVE-2018-20358 affects FAAD2 2.8.8; the invalid memory address dereference occurs in libfaad/lt_predict.c (lt_prediction) causing a segmentation fault and DoS. Publicly documented mitigations in connected sources include upgrading FAAD2 to 2.9.0 or newer (e.g., Gentoo GLSA-202006-17 recommends up...
CVE-2018-20359
CVE-2018-20359 affects FAAD2 2.8.8, where an invalid memory address dereference in libfaad/sbr_dec.c (sbrDecodeSingleFramePS) can cause a segmentation fault and application crash, resulting in a denial of service. Public advisories in connected docs indicate multiple vendors track this in FAAD2 a...
CVE-2018-19504
CVE-2018-19504 affects FAAD2 2.8.1, with a NULL pointer dereference in ifilter_bank() (libfaad/filtbank.c). Supported documents consistently describe this vulnerability across multiple feeds (NVD, CNVD, Debian DSAs, Gentoo GLSA) and indicate exposure in FAAD2; no exploit details are provided in t...
CVE-2018-19503
CVE-2018-19503 affects FAAD2 2.8.1: a stack-based buffer overflow in libfaad/sbr_hfadj.c (calculate_gain) could enable denial of service or code execution. Several sources corroborate FAAD2 vulnerabilities; Debian GLSA/DSA recommendations urge upgrading to newer FAAD2 (e.g., 2.9.0+). If upgrading...
CVE-2018-20195
CVE-2018-20195 affects FAAD2 up to version 2.8.8, where a NULL pointer dereference in ic_predict.c can cause a segmentation fault and denial of service. Public advisories (Debian DSA-4522, Gentoo GLSA-202006-17) recommend upgrading FAAD2 to a newer release (Gentoo: >= faad2-2.9.0). Other listi...