CVE-2018-20194

Priority
Description
There is a stack-based buffer underflow in the third instance of the
calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio
Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service
or possibly unspecified other impact because limiting the additional noise
energy level is mishandled for the G_max <= G case.
Package
Source: faad2 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): ignored (reached end-of-life)
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): not-affected (2.8.8-3ubuntu3)
More Information

Updated: 2019-07-18 17:34:11 UTC (commit 649f8c6455205380e35ed054e9ea734222c716bb)