FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4201

This CVE name corresponds to:

Entered Topic
2008-11-12 faad2 -- heap overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-4201
Phase Assigned(20080923)

Description

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

References

Source Reference
MISC http://bugs.gentoo.org/attachment.cgi?id=166174&action=view
MLIST [oss-security] 20080924 Re: CVE id request: faad2
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=238445
CONFIRM http://www.audiocoding.com/archive.html
CONFIRM http://www.audiocoding.com/patch/main_overflow.diff
GENTOO GLSA-200811-03
BID 31219
OSVDB 48349
SECUNIA 32661
SECUNIA 32006
VUPEN ADV-2008-2601