CVE Vulnerabilities

CVE-2018-7263

Double Free

Published: Feb 20, 2018 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Libmad Underbit * 0.15.1b (including)
Red Hat Enterprise Linux 8 RedHat gstreamer1-0:1.16.1-2.el8 *
Red Hat Enterprise Linux 8 RedHat gstreamer1-plugins-bad-free-0:1.16.1-1.el8 *
Red Hat Enterprise Linux 8 RedHat gstreamer1-plugins-base-0:1.16.1-1.el8 *
Red Hat Enterprise Linux 8 RedHat gstreamer1-plugins-good-0:1.16.1-1.el8 *
Red Hat Enterprise Linux 8 RedHat gstreamer1-plugins-ugly-free-0:1.16.1-1.el8 *
Red Hat Enterprise Linux 8 RedHat libmad-0:0.15.1b-25.el8 *
Red Hat Enterprise Linux 8 RedHat orc-0:0.4.28-3.el8 *
Red Hat Enterprise Linux 8 RedHat SDL-0:1.2.15-37.el8 *
Red Hat Enterprise Linux 8 RedHat SDL2-0:2.0.10-2.el8 *
Libmad Ubuntu artful *
Mpg321 Ubuntu bionic *
Mpg321 Ubuntu cosmic *
Mpg321 Ubuntu disco *
Mpg321 Ubuntu eoan *
Mpg321 Ubuntu groovy *
Mpg321 Ubuntu hirsute *
Mpg321 Ubuntu impish *
Mpg321 Ubuntu kinetic *
Mpg321 Ubuntu lunar *
Mpg321 Ubuntu mantic *
Mpg321 Ubuntu trusty *
Mpg321 Ubuntu xenial *

Potential Mitigations

References