Description: The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)


Seems like a duplicate of CVE-2017-11552 relates to the issue raised in
MITRE stated that "[...] However, if there are two different code
paths by which libmad is used incorrectly, and both code paths result
in "double free or corruption" errors, then we would represent this
with two CVEs."

