SB2018122009 - Denial of service in Freeware Advanced Audio Decoder

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Stack-based buffer underflow (CVE-ID: CVE-2018-20194)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the calculate_gain function, as defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles noise energy level for the G_max <= G case. A local attacker can submit malicious input and trigger a stack-based buffer underflow condition that causes the affected software to crash, resulting in a DoS condition.

2) Stack-based buffer overflow (CVE-ID: CVE-2018-20196)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the calculate_gain function, as defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles the S_M array. A local attacker can submit malicious input and trigger a stack-based buffer overflow condition that causes the affected software to crash, resulting in a DoS condition.

3) Stack-based buffer underflow (CVE-ID: CVE-2018-20197)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the calculate_gain function, as defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles noise energy level for the G_max = G case. A local attacker can submit malicious input and trigger a stack-based buffer underflow condition that causes the affected software to crash, resulting in a DoS condition.

4) NULL pointer dereference (CVE-ID: CVE-2018-20195)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ic_predict of libfaad/ic_predict.c. A local attacker can submit malicious input and trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition.

5) NULL pointer dereference (CVE-ID: CVE-2018-20198)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ifilter_bank of libfaad/filtbank.c. A local attacker can submit trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.

6) NULL pointer dereference (CVE-ID: CVE-2018-20199)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ifilter_bank of libfaad/filtbank.c. A local attacker can trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. 

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://github.com/knik0/faad2/issues/21
• https://github.com/knik0/faad2/issues/19
• https://github.com/knik0/faad2/issues/20
• https://github.com/knik0/faad2/issues/25
• https://github.com/knik0/faad2/issues/23
• https://github.com/knik0/faad2/issues/24