CVE-2018-17825

9.8 CRITICAL

📋 TL;DR

This CVE describes a double-free vulnerability in AdPlug 2.3.1's CEmuopl class that can lead to memory corruption. Attackers could exploit this to execute arbitrary code or cause denial of service. Any system using the vulnerable AdPlug library for audio file playback is affected.

💻 Affected Systems

Products:
  • AdPlug
Versions: 2.3.1 and possibly earlier versions
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the AdPlug library for audio playback (games, media players, etc.) is vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM/root privileges leading to complete system compromise
🟠 Likely Case: Application crash or denial of service when processing malicious audio files
🟢 If Mitigated: Application crash without privilege escalation if memory protections are enabled

🌐 Internet-Facing: MEDIUM - Requires processing malicious audio files, which could be delivered via web applications or email
🏢 Internal Only: LOW - Requires user interaction to open malicious audio files

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious audio files; a proof-of-concept exists in the GitHub issue

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.2 or later

Vendor Advisory: https://github.com/adplug/adplug/issues/67

Restart Required: Yes

Instructions:

1. Update AdPlug to version 2.3.2 or later.
2. Rebuild any applications using AdPlug.
3. Restart affected services.

🔧 Temporary Workarounds

Disable AdPlug processing (platform: all)

Temporarily disable AdPlug library usage in applications

# For Linux: Remove or rename libadplug.so
# For Windows: Remove adplug.dll from application directories

🧯 If You Can't Patch

  • Implement strict file upload validation to block potentially malicious audio files
  • Run applications with minimal privileges and memory protection features (ASLR, DEP)

🔍 How to Verify

Check if Vulnerable:

Check if AdPlug version 2.3.1 or earlier is installed: 'adplug-config --version' or check package manager

Check Version:

adplug-config --version || dpkg -l | grep adplug || rpm -qa | grep adplug

Verify Fix Applied:

Verify AdPlug version is 2.3.2 or later: 'adplug-config --version'

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Segmentation faults in audio processing components

Network Indicators:

  • Unusual audio file uploads to web applications
  • Suspicious file transfers with .adl, .amd, .bam, .cff, .cmf, .d00, .dfm, .dmo, .dro, .dtm, .hsc, .hsp, .imf, .ksm, .laa, .lds, .m, .mad, .mid, .mkj, .mtk, .rad, .raw, .rol, .s3m, .sa2, .sat, .sng, .xad, .xsm extensions

SIEM Query:

process_name:adplug AND (event_type:crash OR exit_code:139 OR exit_code:0xC0000005)
