CVE-2018-7263

The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
underbitlibmad
𝑥
≤ 0.15.1b
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmad
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
mpg321
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
SDL
RHEL 8
0:1.2.15-37.el8
fixed
SDL-devel
RHEL 8
0:1.2.15-37.el8
fixed
SDL2
RHEL 8
0:2.0.10-2.el8
fixed
SDL2-devel
RHEL 8
0:2.0.10-2.el8
fixed
SDL2-static
RHEL 8
0:2.0.10-2.el8
fixed
gstreamer1
RHEL 8
0:1.16.1-2.el8
fixed
gstreamer1-devel
RHEL 8
0:1.16.1-2.el8
fixed
gstreamer1-plugins-bad-free
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-bad-free-devel
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-base
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-base-devel
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-good
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-good-gtk
RHEL 8
0:1.16.1-1.el8
fixed
gstreamer1-plugins-ugly-free
RHEL 8
0:1.16.1-1.el8
fixed
libmad
RHEL 8
0:0.15.1b-25.el8
fixed
libmad-devel
RHEL 8
0:0.15.1b-25.el8
fixed
orc
RHEL 8
0:0.4.28-3.el8
fixed
orc-compiler
RHEL 8
0:0.4.28-3.el8
fixed
orc-devel
RHEL 8
0:0.4.28-3.el8
fixed
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
https://bugzilla.suse.com/show_bug.cgi?id=1081784
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
https://bugzilla.suse.com/show_bug.cgi?id=1081784