cbcvebase.
CVE-2018-19502
published 2018-11-23

CVE-2018-19502: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in…

high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.

Affected

6 ranges
VendorProductVersion rangeFixed in
audiocodingfreeware_advanced_audio_decoder_2
debianfaad2< faad2 2.8.8-3 (bookworm)faad2 2.8.8-3 (bookworm)
faad2_projectfaad2>= 0 < 2.8.8-32.8.8-3
faad2_projectfaad2>= 0 < 2.8.8-32.8.8-3
faad2_projectfaad2>= 0 < 2.8.8-32.8.8-3
faad2_projectfaad2>= 0 < 2.8.8-32.8.8-3

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH