Headline

CVE-2018-19886: Invalid memory address dereference in huffcode (in libfaac/huff2.c:184) · Issue #23 · knik0/faac

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.

6 years ago

CVE

Open in Source

#vulnerability #linux #dos

Hi, i found a issue in the FAAC 1.29.9.2, it is crashed by function huffcode .It just cause a Invalid memory address dereference.the details are below(ASAN):

./faac faac_res/unkown_addr_huff2_184  -o out.aac
Freeware Advanced Audio Coder
FAAC 1.29.9.2

Initial quantization quality: 50
Average bitrate: 64 kbps/channel
Bandwidth: 5512 Hz
PNS level: 4
Object type: Low Complexity(MPEG-2) + IS + PNS
Container format: Transport Stream (ADTS)
Encoding faac_res/unkown_addr_huff2_184 to out.aac
   frame          | bitrate | elapsed/estim | play/CPU | ETA
ASAN:SIGSEGV
=================================================================
==27224==ERROR: AddressSanitizer: SEGV on unknown address 0x7f46283263a0 (pc 0x7f482811d6b3 bp 0x7fff764d41e0 sp 0x7fff764d4110 T0)
    #0 0x7f482811d6b2 in huffcode /root/faac_asan/faac/libfaac/huff2.c:184
    #1 0x7f482811e7e0 in huffbook /root/faac_asan/faac/libfaac/huff2.c:417
    #2 0x7f482811abe6 in qlevel /root/faac_asan/faac/libfaac/quantize.c:282
    #3 0x7f482811aff8 in BlocQuant /root/faac_asan/faac/libfaac/quantize.c:312
    #4 0x7f482810e38e in faacEncEncode /root/faac_asan/faac/libfaac/frame.c:586
    #5 0x4057cf in main /root/faac_asan/faac/frontend/main.c:1071
    #6 0x7f4827d5682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x401968 in _start (/usr/local/faac-asan/bin/faac+0x401968)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faac_asan/faac/libfaac/huff2.c:184 huffcode
==27224==ABORTING