This bug was fixed in the package faad2 - 2.0.0+cvs20040908+mp4v2+bmp-
0ubuntu3.7.04.1
---------------
faad2 (2.0.0+cvs20040908+mp4v2+bmp-0ubuntu3.7.04.1) feisty-security; urgency=low
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function
(frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted MPEG-4 (MP4) file. (Closes LP: #277110)
* 11_CVE-2008-4201.diff
- Patch supplied by upstream modified slightly to patch cleanly
and address vulnerability.
* References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201
http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4201
-- Stefan Lesicnik <[EMAIL PROTECTED]> Fri, 03 Oct 2008 10:55:41 +0200
--
[CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file
function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file
https://bugs.launchpad.net/bugs/277110
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
