Vulnerabilities > CVE-2018-7263 - Double Free vulnerability in Underbit Libmad 0.15.0B/0.15.1B

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
underbit
CWE-415
critical
NVD
Published: 2018-02-20
Updated: 2018-03-19

Summary

The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.

Vulnerable Configurations

Part Description Count
Application
Underbit
2

Common Weakness Enumeration (CWE)

Redhat

advisories
bugzilla
id1756299
title[Rebase] Rebase gstreamer1 to 1.16.1
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentorc-debugsource is earlier than 0:0.4.28-3.el8
          ovaloval:com.redhat.rhsa:tst:20201631001
        • commentorc-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631002
      • AND
        • commentorc-devel is earlier than 0:0.4.28-3.el8
          ovaloval:com.redhat.rhsa:tst:20201631003
        • commentorc-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116086
      • AND
        • commentorc-compiler is earlier than 0:0.4.28-3.el8
          ovaloval:com.redhat.rhsa:tst:20201631005
        • commentorc-compiler is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116088
      • AND
        • commentorc is earlier than 0:0.4.28-3.el8
          ovaloval:com.redhat.rhsa:tst:20201631007
        • commentorc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116082
      • AND
        • commentgstreamer1-plugins-bad-free-debugsource is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631009
        • commentgstreamer1-plugins-bad-free-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631010
      • AND
        • commentgstreamer1-plugins-bad-free-devel is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631011
        • commentgstreamer1-plugins-bad-free-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20170021002
      • AND
        • commentgstreamer1-plugins-bad-free is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631013
        • commentgstreamer1-plugins-bad-free is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20170021004
      • AND
        • commentgstreamer1-plugins-base-debugsource is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631015
        • commentgstreamer1-plugins-base-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631016
      • AND
        • commentgstreamer1-plugins-base-devel is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631017
        • commentgstreamer1-plugins-base-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172060028
      • AND
        • commentgstreamer1-plugins-base is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631019
        • commentgstreamer1-plugins-base is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172060032
      • AND
        • commentgstreamer1-plugins-good-debugsource is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631021
        • commentgstreamer1-plugins-good-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631022
      • AND
        • commentgstreamer1-plugins-good-gtk is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631023
        • commentgstreamer1-plugins-good-gtk is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631024
      • AND
        • commentgstreamer1-plugins-good is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631025
        • commentgstreamer1-plugins-good is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20170020002
      • AND
        • commentgstreamer1-plugins-ugly-free-debugsource is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631027
        • commentgstreamer1-plugins-ugly-free-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631028
      • AND
        • commentgstreamer1-plugins-ugly-free is earlier than 0:1.16.1-1.el8
          ovaloval:com.redhat.rhsa:tst:20201631029
        • commentgstreamer1-plugins-ugly-free is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631030
      • AND
        • commentgstreamer1-debugsource is earlier than 0:1.16.1-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631031
        • commentgstreamer1-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631032
      • AND
        • commentgstreamer1-devel is earlier than 0:1.16.1-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631033
        • commentgstreamer1-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172060034
      • AND
        • commentgstreamer1 is earlier than 0:1.16.1-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631035
        • commentgstreamer1 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172060038
      • AND
        • commentSDL-debugsource is earlier than 0:1.2.15-37.el8
          ovaloval:com.redhat.rhsa:tst:20201631037
        • commentSDL-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193553004
      • AND
        • commentSDL-devel is earlier than 0:1.2.15-37.el8
          ovaloval:com.redhat.rhsa:tst:20201631039
        • commentSDL-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193553008
      • AND
        • commentSDL is earlier than 0:1.2.15-37.el8
          ovaloval:com.redhat.rhsa:tst:20201631041
        • commentSDL is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193553006
      • AND
        • commentSDL2-debugsource is earlier than 0:2.0.10-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631043
        • commentSDL2-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631044
      • AND
        • commentSDL2-static is earlier than 0:2.0.10-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631045
        • commentSDL2-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631046
      • AND
        • commentSDL2-devel is earlier than 0:2.0.10-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631047
        • commentSDL2-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631048
      • AND
        • commentSDL2 is earlier than 0:2.0.10-2.el8
          ovaloval:com.redhat.rhsa:tst:20201631049
        • commentSDL2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631050
      • AND
        • commentlibmad-debugsource is earlier than 0:0.15.1b-25.el8
          ovaloval:com.redhat.rhsa:tst:20201631051
        • commentlibmad-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631052
      • AND
        • commentlibmad-devel is earlier than 0:0.15.1b-25.el8
          ovaloval:com.redhat.rhsa:tst:20201631053
        • commentlibmad-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631054
      • AND
        • commentlibmad is earlier than 0:0.15.1b-25.el8
          ovaloval:com.redhat.rhsa:tst:20201631055
        • commentlibmad is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201631056
rhsa
idRHSA-2020:1631
released2020-04-28
severityLow
titleRHSA-2020:1631: GStreamer, libmad, and SDL security, bug fix, and enhancement update (Low)
rpms
  • SDL-0:1.2.15-37.el8
  • SDL-debuginfo-0:1.2.15-37.el8
  • SDL-debugsource-0:1.2.15-37.el8
  • SDL-devel-0:1.2.15-37.el8
  • SDL2-0:2.0.10-2.el8
  • SDL2-debuginfo-0:2.0.10-2.el8
  • SDL2-debugsource-0:2.0.10-2.el8
  • SDL2-devel-0:2.0.10-2.el8
  • SDL2-static-0:2.0.10-2.el8
  • gstreamer1-0:1.16.1-2.el8
  • gstreamer1-debuginfo-0:1.16.1-2.el8
  • gstreamer1-debugsource-0:1.16.1-2.el8
  • gstreamer1-devel-0:1.16.1-2.el8
  • gstreamer1-plugins-bad-free-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-devel-0:1.16.1-1.el8
  • gstreamer1-plugins-base-0:1.16.1-1.el8
  • gstreamer1-plugins-base-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-base-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-base-devel-0:1.16.1-1.el8
  • gstreamer1-plugins-base-tools-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-good-0:1.16.1-1.el8
  • gstreamer1-plugins-good-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-good-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-good-gtk-0:1.16.1-1.el8
  • gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-debugsource-0:1.16.1-1.el8
  • libmad-0:0.15.1b-25.el8
  • libmad-debuginfo-0:0.15.1b-25.el8
  • libmad-debugsource-0:0.15.1b-25.el8
  • libmad-devel-0:0.15.1b-25.el8
  • orc-0:0.4.28-3.el8
  • orc-compiler-0:0.4.28-3.el8
  • orc-compiler-debuginfo-0:0.4.28-3.el8
  • orc-debuginfo-0:0.4.28-3.el8
  • orc-debugsource-0:0.4.28-3.el8
  • orc-devel-0:0.4.28-3.el8

References