Gentoo update for FAAD2



Published: 2020-06-15 | Updated: 2020-06-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194, CVE-2018-20195, CVE-2018-20196, CVE-2018-20197, CVE-2018-20198, CVE-2018-20199, CVE-2018-20357, CVE-2018-20358, CVE-2018-20359, CVE-2018-20360, CVE-2018-20361, CVE-2018-20362, CVE-2019-15296, CVE-2019-6956
CWE-ID: CWE-122, CWE-121, CWE-476, CWE-124, CWE-119, CWE-125
Exploitation vector: Local
Public exploit: Public exploit code is available for vulnerabilities #4, #5, #6, #7, #8, #9 and #17.
Vulnerable software: Gentoo Linux (Operating systems & Components / Operating system)
Vendor: Gentoo

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU33377

Risk: Medium

CVSSv3.1: 7.1 [AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-19502

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the function excluded_channels() in libfaad/syntax.c. A remote attacker can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU33378

Risk: Medium

CVSSv3.1: 7.1 [AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-19503

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the function calculate_gain() in libfaad/sbr_hfadj.c. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU33379

Risk: Medium

CVSSv3.1: 7.1 [AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-19504

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer underflow

EUVDB-ID: #VU16630

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20194

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists because the calculate_gain function, defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles the noise energy level for the G_max <= G case. A local attacker can submit malicious input and trigger a stack-based buffer underflow condition that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) NULL pointer dereference

EUVDB-ID: #VU16633

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20195

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ic_predict of libfaad/ic_predict.c. A local attacker can submit malicious input and trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Stack-based buffer overflow

EUVDB-ID: #VU16631

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20196

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists because the calculate_gain function, defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles the S_M array. A local attacker can submit malicious input and trigger a stack-based buffer overflow condition that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Stack-based buffer underflow

EUVDB-ID: #VU16632

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20197

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists because the calculate_gain function, defined in the libfaad/sbr_hfadj.c source code file of the affected software, mishandles the noise energy level for the G_max = G case. A local attacker can submit malicious input and trigger a stack-based buffer underflow condition that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) NULL pointer dereference

EUVDB-ID: #VU16634

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ifilter_bank of libfaad/filtbank.c, where adding to windowed output is mishandled in the LONG_START_SEQUENCE case. A local attacker can trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) NULL pointer dereference

EUVDB-ID: #VU16635

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-20199

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in ifilter_bank of libfaad/filtbank.c, where adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. A local attacker can trigger a segmentation fault that causes the affected software to crash, resulting in a DoS condition.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) NULL pointer dereference

EUVDB-ID: #VU33380

Risk: Medium

CVSSv3.1: 5.1 [AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-20357

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU33381

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20358

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU33382

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20359

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU33383

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20360

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU33384

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20361

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU33385

Risk: Medium

CVSSv3.1: 5.1 [AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-20362

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU33386

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15296

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).
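
The unsigned wrap described above and one way to reject it, as an added C example that is not FAAD2's code or its actual patch. The `bit_reader` struct and all function names are hypothetical; only `buffer_size`, `bytes_left`, `start` and `words` are taken from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified reader state; not the FAAD2 struct. */
typedef struct {
    const uint8_t *start;   /* first byte of the input buffer */
    uint32_t buffer_size;   /* total bytes in the buffer */
    uint32_t bytes_left;    /* bytes not yet consumed */
} bit_reader;

/* The arithmetic from the description: when words*4 exceeds buffer_size the
   unsigned result wraps to a value close to 2^32 instead of going negative. */
uint32_t remaining_unchecked(uint32_t buffer_size, uint32_t words)
{
    return (uint32_t)(buffer_size - words * 4);
}

/* Hardened form: validate the word offset before subtracting.
   Returns 0 and stores the remaining byte count, or -1 if the offset lies
   outside the buffer. Dividing instead of multiplying avoids overflow. */
int remaining_checked(uint32_t buffer_size, uint32_t words, uint32_t *out)
{
    if (out == NULL || words > buffer_size / 4)
        return -1;
    *out = buffer_size - words * 4;
    return 0;
}

/* Reposition the reader at a 32-bit word offset and load up to four bytes
   (big-endian) from there, never reading past the end of the buffer. */
int reader_reset(bit_reader *ld, uint32_t words, uint32_t *dword)
{
    uint32_t left, n, i, v = 0;

    if (ld == NULL || ld->start == NULL || dword == NULL)
        return -1;
    if (remaining_checked(ld->buffer_size, words, &left) != 0)
        return -1;                       /* offset rejected, state untouched */

    n = left < 4 ? left : 4;             /* clamp the read to what is left */
    for (i = 0; i < n; i++)
        v |= (uint32_t)ld->start[(size_t)words * 4 + i] << (24 - 8 * i);

    ld->bytes_left = left;
    *dword = v;
    return 0;
}

int main(void)
{
    /* Constructed sample input: six arbitrary bytes. */
    static const uint8_t sample[] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 };
    bit_reader ld = { sample, sizeof sample, sizeof sample };
    uint32_t dword = 0;

    printf("unchecked, words=3, size=8: %u\n", remaining_unchecked(8, 3));
    printf("reset to word 1: rc=%d\n", reader_reset(&ld, 1, &dword));
    printf("  dword=0x%08x bytes_left=%u\n", dword, ld.bytes_left);
    printf("reset to word 2: rc=%d\n", reader_reset(&ld, 2, &dword));
    return 0;
}
```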

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU17323

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-6956

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition.

The vulnerability exists due to a buffer over-read condition in the ps_mix_phase function, as defined in the libfaad/ps_dec.c source code file. A local attacker can submit a malicious input to the targeted system, trigger a buffer over-read condition and cause the affected application to crash.

Mitigation

Update the affected packages.
media-libs/faad2 to version: 2.9.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202006-17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


