cbcvebase.
CVE-2018-19503
published 2018-11-23

CVE-2018-19503: An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in…

high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.

Affected

6 ranges
VendorProductVersion rangeFixed in
audiocodingfreeware_advanced_audio_decoder_2
debianfaad2< faad2 2.8.8-2 (bookworm)faad2 2.8.8-2 (bookworm)
faad2_projectfaad2>= 0 < 2.8.8-22.8.8-2
faad2_projectfaad2>= 0 < 2.8.8-22.8.8-2
faad2_projectfaad2>= 0 < 2.8.8-22.8.8-2
faad2_projectfaad2>= 0 < 2.8.8-22.8.8-2

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH