{"id":"CVE-2018-19886","details":"An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.","modified":"2026-03-14T09:28:49.847608Z","published":"2018-12-06T00:29:00.343Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-16"},{"type":"EVIDENCE","url":"https://github.com/knik0/faac/issues/23"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/knik0/faac","events":[{"introduced":"0"},{"last_affected":"389e7e5433e86bb6b24ab80086f6c5f005400ef4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.29.9.2"}]}}],"versions":["1_29_0","1_29_1","1_29_2","1_29_3","1_29_4","1_29_5","1_29_6","1_29_6_2","1_29_7","1_29_7_2","1_29_7_3","1_29_7_5","1_29_7_6","1_29_7_7","1_29_7_8","1_29_8","1_29_8_2","1_29_8_3","1_29_9","1_29_9_2","faac1_17","faac1_18","faac1_19","faac1_20","faac1_21_1","faac1_23","faac1_23_3","faac1_24","ver_1_0","ver_1_1","ver_1_16","ver_1_5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19886.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}