
Underbit libmad mad_decoder_run() Function Denial of Service Vulnerability [CVE-2018-7263]

CVE number – CVE-2018-7263

A vulnerability in the mad_decoder_run() function of Underbit libmad could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the mad_decoder_run() function, as defined in the decoder.c source code file of the affected software, and is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted file to an affected system. A successful exploit could allow the attacker to cause a DoS condition on that system.

The vendor has not confirmed the vulnerability and software updates are not available.

Analysis
  • To exploit this vulnerability, the attacker may need to access trusted internal networks to submit a crafted file to the targeted system. This access requirement could reduce the likelihood of a successful exploit.

Safeguards
  • Administrators are advised to contact the vendor regarding future updates and releases.
  • Administrators are advised to allow only trusted users to have network access.
  • Administrators are advised to monitor affected systems.

Vendor Announcements
  • Vendor announcements are not available.

Fixed Software
  • Software updates are not available at the time of this publication (22nd March 2018).

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
