CVE-2008-4201

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Link	Resource
http://bugs.gentoo.org/attachment.cgi?id=166174&action=view	Exploit
http://www.audiocoding.com/archive.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
http://bugs.gentoo.org/show_bug.cgi?id=238445
http://www.openwall.com/lists/oss-security/2008/09/24/6
http://security.gentoo.org/glsa/glsa-200811-03.xml
http://www.securityfocus.com/bid/31219
http://secunia.com/advisories/32661	Vendor Advisory
http://www.audiocoding.com/patch/main_overflow.diff
http://secunia.com/advisories/32006	Vendor Advisory
http://www.vupen.com/english/advisories/2008/2601	Vendor Advisory
http://osvdb.org/48349

Configuration 1

cpe:2.3:a:audiocoding:faad2:2.0:rc3:*:*:*:*:*:* cpe:2.3:a:audiocoding:faad2:2.0:rc2:*:*:*:*:*:* cpe:2.3:a:audiocoding:faad2:1.1:*:*:*:*:*:*:* cpe:2.3:a:audiocoding:faad2:2.0:rc1:*:*:*:*:*:* cpe:2.3:a:audiocoding:faad2:*:*:*:*:*:*:*:* cpe:2.3:a:audiocoding:faad2:2.5:*:*:*:*:*:*:*

---

Published : 2008-09-24 11:42

Updated : 2011-01-03 05:00

---

NVD link : CVE-2008-4201

Mitre link : CVE-2008-4201

No products.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer