[CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file

Bug #277110 reported by Stefan Lesicnik
Affects           Status         Importance   Assigned to        Milestone
faad2 (Ubuntu)    Fix Released   Undecided    William Grant
  Dapper          Fix Released   Undecided    Stefan Lesicnik
  Feisty          Fix Released   Undecided    Stefan Lesicnik
  Gutsy           Fix Released   Undecided    Stefan Lesicnik
  Hardy           Fix Released   Undecided    Stefan Lesicnik
  Intrepid        Fix Released   Undecided    William Grant

Bug Description

CVE-2008-4201

Description
Heap-based buffer overflow in the decodeMP4file function (frontend/main.c)
in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4)
file.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201

Stefan Lesicnik (stefanlsd) wrote :

Intrepid sync request has been requested.
https://bugs.edge.launchpad.net/ubuntu/+source/faad2/+bug/275311

Thanks William.

Stefan Lesicnik (stefanlsd) wrote :

Debdiff to patch Hardy.

William Grant (wgrant)
Changed in faad2:
assignee: nobody → wgrant
status: New → In Progress
Stefan Lesicnik (stefanlsd) wrote :

Debdiff to patch Gutsy.

Stefan Lesicnik (stefanlsd) wrote :

Debdiff to patch Feisty

Stefan Lesicnik (stefanlsd) wrote :

Debdiff to patch Dapper

William Grant (wgrant)
Changed in faad2:
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
assignee: nobody → stefanlsd
status: New → In Progress
Stefan Lesicnik (stefanlsd) wrote :

After being in contact with upstream, I received a non-public exploit.

This exploit was run against Intrepid, Hardy, Gutsy, Feisty and Dapper and caused the application to segfault.

[12013.368559] faad[9750]: segfault at 9758000 ip 0804bed3 sp bfba6d50 error 4 in faad[8048000+6000]

After applying the fix, the same exploit was run and the application exited successfully without segfaulting.

This is a minor patch, created by upstream, and no regressions or functionality problems were detected.

Jamie Strandboge (jdstrand) wrote :

Thanks for your patch! The dapper and feisty versions had to be adjusted according to https://wiki.ubuntu.com/SecurityUpdateProcedures (Ubuntu 6.06 and 7.04 have the same version).

Changed in faad2:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package faad2 - 2.6.1-2ubuntu0.1

---------------
faad2 (2.6.1-2ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 12_heap_overflow.dpatch
    - Patch supplied by upstream to address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

 -- Stefan Lesicnik <email address hidden> Thu, 02 Oct 2008 16:26:26 +0200

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu5.1

---------------
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu5.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 11_CVE-2008-4201.diff
    - Patch supplied by upstream modified slightly to patch cleanly
      and address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

 -- Stefan Lesicnik <email address hidden> Fri, 03 Oct 2008 10:46:07 +0200

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1

---------------
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 11_CVE-2008-4201.diff
    - Patch supplied by upstream modified slightly to patch cleanly
      and address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

 -- Stefan Lesicnik <email address hidden> Fri, 03 Oct 2008 10:55:41 +0200

Changed in faad2:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in faad2:
status: Fix Committed → Fix Released
Changed in faad2:
status: In Progress → Fix Released