SB2019112040 - Buffer overflow in faac (Alpine package)
Published: November 20, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2018-19886)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. In the book 8 case, the vulnerability causes a segmentation fault and application crash, which leads to denial of service.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=e0d69f194820956a67e4e9e2a8953242766cca85
- https://git.alpinelinux.org/aports/commit/?id=239bf4e180913a772d25a7dfa70fa8c3e97c8bdb
- https://git.alpinelinux.org/aports/commit/?id=d26ce7440e932bc093367b9d534ea858e1e3db71
- https://git.alpinelinux.org/aports/commit/?id=5c54dd554588857a41293c417766f3ca912eed3b
- https://git.alpinelinux.org/aports/commit/?id=959bbf312f51a2082438b065a1da3ed6b3e852ee