SUSE CVE-2018-20358

🗓️ 03 Jul 2025 23:40:05Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Invalid memory dereference in FAAD2 2.8.8 lt_prediction causes segfault and crash, enabling denial of service on Unix.

Reporter	Title	Published	Views	Family All 56
AlpineLinux	CVE-2018-20358	22 Dec 201815:00	–	alpinelinux
BDU FSTEC	The vulnerability of the lt_prediction function in the Freeware Advanced Audio Decoder 2 (FAAD2) allows a intruder to trigger a service failure.	16 Oct 201900:00	–	bdu_fstec
CNVD	FAAD2 Invalid Memory Address Dereference Vulnerability (CNVD-2019-07895)	24 Dec 201800:00	–	cnvd
CVE	CVE-2018-20358	22 Dec 201815:00	–	cve
Cvelist	CVE-2018-20358	22 Dec 201815:00	–	cvelist
Debian	[SECURITY] [DSA 4522-1] faad2 security update	15 Sep 201915:55	–	debian
Debian CVE	CVE-2018-20358	22 Dec 201815:00	–	debiancve
Tenable Nessus	Debian DSA-4522-1 : faad2 - security update	16 Sep 201900:00	–	nessus
Tenable Nessus	GLSA-202006-17 : FAAD2: Multiple vulnerabilities	17 Jun 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2018-20358	30 Aug 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	faad2	2.11.2-2.1	faad2-2.11.2-2.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	faad2-devel	2.11.2-2.1	faad2-devel-2.11.2-2.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	libfaad2	2.11.2-2.1	libfaad2-2.11.2-2.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	libfaad2-32bit	2.11.2-2.1	libfaad2-32bit-2.11.2-2.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	libfaad_drm2	2.11.2-2.1	libfaad_drm2-2.11.2-2.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	libfaad_drm2-32bit	2.11.2-2.1	libfaad_drm2-32bit-2.11.2-2.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2018-20358
suse	www.suse.com/support/security/rating/

03 Jul 2025 23:40Current

7.5High risk

Vulners AI Score7.5

CVSS 35.5

EPSS0.00189

Freeware Audio Decoder memory dereference segmentation fault denial of service lt_prediction function faad library