CVE-2018-17825

CRITICAL

AdPlug 2.3.1 - Memory Corruption

Title source: llm

Description

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

References (3)

[Exploit, Third Party Advisory] https://github.com/adplug/adplug/issues/67

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q32A64R2APAC5PXIMSYIEFDQX5AD4GAS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3PW6PLDTPSQQRHKTU2FB72SUB4Q66NE/

Scores

CVSS v3 9.8

EPSS 0.0048

EPSS Percentile 64.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (3)

adplug_project/adplug

fedoraproject/fedora

Timeline

Published Oct 01, 2018

Tracked Since Feb 18, 2026