FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

faad2 -- heap overflow vulnerability

Affected packages
faad2 < 2.6.1_1,1

Details

VuXML ID 445ed958-b0d9-11dd-a55e-00163e000016
Discovery 2008-09-16
Entry 2008-11-12
Modified 2008-11-13

CVE reports:

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

References

CVE Name CVE-2008-4201
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
URL http://www.gentoo.org/security/en/glsa/glsa-200811-03.xml