Vulnerability Name: | CVE-2018-20194 (CCN-154407) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2018-12-16 | ||||||||||||||||||||||||||||||||||||
Published: | 2018-12-16 | ||||||||||||||||||||||||||||||||||||
Updated: | 2020-06-15 | ||||||||||||||||||||||||||||||||||||
Summary: | There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-787 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-20194 Source: XF Type: UNKNOWN faad2-cve201820194-dos(154407) Source: CCN Type: FAAD2 GIT Repository stack-buffer-underflow in function calculate_gain(libfaad/sbr_hfadj.c:1314) #21 Source: MISC Type: Exploit, Third Party Advisory https://github.com/knik0/faad2/issues/21 Source: MLIST Type: UNKNOWN [debian-lts-announce] 20190519 [SECURITY] [DLA 1791-1] faad2 security update Source: BUGTRAQ Type: UNKNOWN 20190916 [SECURITY] [DSA 4522-1] faad2 security update Source: GENTOO Type: UNKNOWN GLSA-202006-17 Source: DEBIAN Type: UNKNOWN DSA-4522 | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |