sbr->M is set by derived_frequency_table() from user-passed input
without checking for > MAX_M.
This leads to out-of-bounds accesses later, crashes and potential
security relevant issues. It should be considered a fatal error for
the SBR block.
return error code if sbr->M > MAX_M.
also, in some cases sbr_extension_data() ignores the return value of
calc_sbr_tables, probably assuming that sbr is always valid. It should
almost certainly not do that.
fixes knik0#19 (CVE-2018-20196).
hlef added a commit to hlef/faad2 that referenced this issue Aug 10, 2019
Hi, I found a stack-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8, the details are below (ASAN):
POC FILE: https://github.com/fantasy7082/image_test/blob/master/013-stack-buffer-overflow-sbr_hfadj_1287
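The pattern the commit message describes (bound a stream-derived count before it is stored, and treat a failed table calculation as fatal in the caller), shown as an added example that is not FAAD2 code and not part of the original thread. The names `demo_sbr`, `demo_derive_table`, `demo_process_block` and `DEMO_MAX_M`, along with its value, are assumptions made for this sketch.

```c
/* Added illustration: simplified model, not FAAD2 source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_M 49          /* assumed table capacity for this sketch */

typedef struct {
    uint8_t M;                 /* band count derived from stream fields */
    uint8_t valid;             /* cleared when the block must be dropped */
    int32_t gain[DEMO_MAX_M];  /* fixed-size per-band table */
} demo_sbr;

/* Derive M from two stream-controlled band indices; reject before storing. */
static int demo_derive_table(demo_sbr *sbr, uint8_t k0, uint8_t k2)
{
    if (k2 <= k0)
        return 1;                       /* empty or inverted range */
    if ((unsigned)(k2 - k0) > DEMO_MAX_M)
        return 1;                       /* would index past gain[] */
    sbr->M = (uint8_t)(k2 - k0);
    return 0;
}

/* Caller: a failed derivation is fatal for this block, never ignored. */
static int demo_process_block(demo_sbr *sbr, uint8_t k0, uint8_t k2)
{
    sbr->valid = 0;
    if (demo_derive_table(sbr, k0, k2) != 0) {
        sbr->M = 0;                     /* leave no stale count behind */
        return 1;
    }
    for (uint8_t m = 0; m < sbr->M; m++)  /* bounded by the check above */
        sbr->gain[m] = 1;
    sbr->valid = 1;
    return 0;
}

int main(void)
{
    demo_sbr s;
    memset(&s, 0, sizeof s);
    printf("in range: %d\n", demo_process_block(&s, 5, 40));
    printf("oversize: %d\n", demo_process_block(&s, 1, 200));
    return 0;
}
```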