Comment 10 for bug 277110

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1

---------------
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
    (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code via a
    crafted MPEG-4 (MP4) file. (Closes LP: #277110)
  * 11_CVE-2008-4201.diff
    - Patch supplied by upstream modified slightly to patch cleanly
      and address vulnerability.
  * References
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
    http://www.audiocoding.com/patch/main_overflow.diff
    CVE-2008-4201

 -- Stefan Lesicnik <email address hidden> Fri, 03 Oct 2008 10:55:41 +0200