CVE-2018-7263

Published: Feb 20, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.

Affected (1)

Products: Underbit: Libmad

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Underbit Libmad	Up to 0.15.1b

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1081784

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1081784

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.