CVE-2008-4201

Publication date 24 September 2008

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Status

Package Ubuntu Release Status
faad2 8.04 LTS hardy
Fixed 2.6.1-2ubuntu0.1
7.10 gutsy
Fixed 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu5.1
7.04 feisty
Fixed 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1
6.06 LTS dapper
Fixed 2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.6.06.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
faad2