ID CVE-2018-7263
Summary The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
References
Vulnerable Configurations
  • cpe:2.3:a:underbit:libmad:0.15.0b:*:*:*:*:*:*:*
  • cpe:2.3:a:underbit:libmad:0.15.1b:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 19-03-2018 - 18:34)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1756299
title [Rebase] Rebase gstreamer1 to 1.16.1
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment orc is earlier than 0:0.4.28-3.el8
          oval oval:com.redhat.rhsa:tst:20201631001
        • comment orc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20152116082
      • AND
        • comment orc-compiler is earlier than 0:0.4.28-3.el8
          oval oval:com.redhat.rhsa:tst:20201631003
        • comment orc-compiler is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20152116084
      • AND
        • comment orc-debugsource is earlier than 0:0.4.28-3.el8
          oval oval:com.redhat.rhsa:tst:20201631005
        • comment orc-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631006
      • AND
        • comment orc-devel is earlier than 0:0.4.28-3.el8
          oval oval:com.redhat.rhsa:tst:20201631007
        • comment orc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20152116086
      • AND
        • comment gstreamer1-plugins-bad-free is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631009
        • comment gstreamer1-plugins-bad-free is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170021002
      • AND
        • comment gstreamer1-plugins-bad-free-debugsource is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631011
        • comment gstreamer1-plugins-bad-free-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631012
      • AND
        • comment gstreamer1-plugins-bad-free-devel is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631013
        • comment gstreamer1-plugins-bad-free-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170021004
      • AND
        • comment gstreamer1-plugins-base is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631015
        • comment gstreamer1-plugins-base is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172060026
      • AND
        • comment gstreamer1-plugins-base-debugsource is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631017
        • comment gstreamer1-plugins-base-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631018
      • AND
        • comment gstreamer1-plugins-base-devel is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631019
        • comment gstreamer1-plugins-base-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172060028
      • AND
        • comment gstreamer1-plugins-good is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631021
        • comment gstreamer1-plugins-good is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20170020002
      • AND
        • comment gstreamer1-plugins-good-debugsource is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631023
        • comment gstreamer1-plugins-good-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631024
      • AND
        • comment gstreamer1-plugins-good-gtk is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631025
        • comment gstreamer1-plugins-good-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631026
      • AND
        • comment gstreamer1-plugins-ugly-free is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631027
        • comment gstreamer1-plugins-ugly-free is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631028
      • AND
        • comment gstreamer1-plugins-ugly-free-debugsource is earlier than 0:1.16.1-1.el8
          oval oval:com.redhat.rhsa:tst:20201631029
        • comment gstreamer1-plugins-ugly-free-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631030
      • AND
        • comment gstreamer1 is earlier than 0:1.16.1-2.el8
          oval oval:com.redhat.rhsa:tst:20201631031
        • comment gstreamer1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172060034
      • AND
        • comment gstreamer1-debugsource is earlier than 0:1.16.1-2.el8
          oval oval:com.redhat.rhsa:tst:20201631033
        • comment gstreamer1-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631034
      • AND
        • comment gstreamer1-devel is earlier than 0:1.16.1-2.el8
          oval oval:com.redhat.rhsa:tst:20201631035
        • comment gstreamer1-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172060036
      • AND
        • comment SDL is earlier than 0:1.2.15-37.el8
          oval oval:com.redhat.rhsa:tst:20201631037
        • comment SDL is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193553004
      • AND
        • comment SDL-debugsource is earlier than 0:1.2.15-37.el8
          oval oval:com.redhat.rhsa:tst:20201631039
        • comment SDL-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193553006
      • AND
        • comment SDL-devel is earlier than 0:1.2.15-37.el8
          oval oval:com.redhat.rhsa:tst:20201631041
        • comment SDL-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193553008
      • AND
        • comment SDL2 is earlier than 0:2.0.10-2.el8
          oval oval:com.redhat.rhsa:tst:20201631043
        • comment SDL2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631044
      • AND
        • comment SDL2-debugsource is earlier than 0:2.0.10-2.el8
          oval oval:com.redhat.rhsa:tst:20201631045
        • comment SDL2-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631046
      • AND
        • comment SDL2-devel is earlier than 0:2.0.10-2.el8
          oval oval:com.redhat.rhsa:tst:20201631047
        • comment SDL2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631048
      • AND
        • comment SDL2-static is earlier than 0:2.0.10-2.el8
          oval oval:com.redhat.rhsa:tst:20201631049
        • comment SDL2-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631050
      • AND
        • comment libmad is earlier than 0:0.15.1b-25.el8
          oval oval:com.redhat.rhsa:tst:20201631051
        • comment libmad is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631052
      • AND
        • comment libmad-debugsource is earlier than 0:0.15.1b-25.el8
          oval oval:com.redhat.rhsa:tst:20201631053
        • comment libmad-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631054
      • AND
        • comment libmad-devel is earlier than 0:0.15.1b-25.el8
          oval oval:com.redhat.rhsa:tst:20201631055
        • comment libmad-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20201631056
rhsa
id RHSA-2020:1631
released 2020-04-28
severity Low
title RHSA-2020:1631: GStreamer, libmad, and SDL security, bug fix, and enhancement update (Low)
rpms
  • SDL-0:1.2.15-37.el8
  • SDL-debuginfo-0:1.2.15-37.el8
  • SDL-debugsource-0:1.2.15-37.el8
  • SDL-devel-0:1.2.15-37.el8
  • SDL2-0:2.0.10-2.el8
  • SDL2-debuginfo-0:2.0.10-2.el8
  • SDL2-debugsource-0:2.0.10-2.el8
  • SDL2-devel-0:2.0.10-2.el8
  • SDL2-static-0:2.0.10-2.el8
  • gstreamer1-0:1.16.1-2.el8
  • gstreamer1-debuginfo-0:1.16.1-2.el8
  • gstreamer1-debugsource-0:1.16.1-2.el8
  • gstreamer1-devel-0:1.16.1-2.el8
  • gstreamer1-plugins-bad-free-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-bad-free-devel-0:1.16.1-1.el8
  • gstreamer1-plugins-base-0:1.16.1-1.el8
  • gstreamer1-plugins-base-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-base-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-base-devel-0:1.16.1-1.el8
  • gstreamer1-plugins-base-tools-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-good-0:1.16.1-1.el8
  • gstreamer1-plugins-good-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-good-debugsource-0:1.16.1-1.el8
  • gstreamer1-plugins-good-gtk-0:1.16.1-1.el8
  • gstreamer1-plugins-good-gtk-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-debuginfo-0:1.16.1-1.el8
  • gstreamer1-plugins-ugly-free-debugsource-0:1.16.1-1.el8
  • libmad-0:0.15.1b-25.el8
  • libmad-debuginfo-0:0.15.1b-25.el8
  • libmad-debugsource-0:0.15.1b-25.el8
  • libmad-devel-0:0.15.1b-25.el8
  • orc-0:0.4.28-3.el8
  • orc-compiler-0:0.4.28-3.el8
  • orc-compiler-debuginfo-0:0.4.28-3.el8
  • orc-debuginfo-0:0.4.28-3.el8
  • orc-debugsource-0:0.4.28-3.el8
  • orc-devel-0:0.4.28-3.el8
refmap via4
misc
Last major update 19-03-2018 - 18:34
Published 20-02-2018 - 21:29
Last modified 19-03-2018 - 18:34