The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552.
References:
  https://bugzilla.suse.com/show_bug.cgi?id=1081784
Created libmad tracking bugs for this issue:
  Affects: epel-all [bug 1477498]
  Affects: fedora-all [bug 1477499]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
  Via RHSA-2020:1631 https://access.redhat.com/errata/RHSA-2020:1631
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-7263