cpe:/a:audiocoding:freeware_advanced_audio_decoder_2:2.8.8 CVE-2018-20198 2018-12-17T20:29:00.440-05:00 2019-05-19T12:29:00.537-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov BUGTRAQ 20190916 [SECURITY] [DSA 4522-1] faad2 security update DEBIAN DSA-4522 MLIST [debian-lts-announce] 20190519 [SECURITY] [DLA 1791-1] faad2 security update MISC https://github.com/knik0/faad2/issues/23 A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.