CVE-2018-20197

Priority
Description
There is a stack-based buffer underflow in the third instance of the
calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio
Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service
or possibly unspecified other impact because limiting the additional noise
energy level is mishandled for the G_max > G case.
Notes
 danielwang -> very similar to CVE-2018-20194, same fix:
 https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
Package
Source: faad2 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): not-affected (2.8.8-3ubuntu3)

Updated: 2019-08-23 07:53:46 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)