Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-4201
Last Modified: 03 Jan 2011 12:00:00
Published: 24 Sep 2008 07:42:25
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4201

Summary

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Vulnerable Systems

Application

  • Audiocoding Faad2 1.1

  • Audiocoding Faad2 2.0

  • Audiocoding Faad2 2.5

  • Audiocoding Faad2 2.6.1


References

VUPEN - ADV-2008-2601

BID - 31219

MLIST - [oss-security] 20080924 Re: CVE id request: fraud2

CONFIRM - http://www.audiocoding.com/patch/main_overflow.diff

CONFIRM - http://www.audiocoding.com/archive.html

GENTOO - GLSA-200811-03

SECUNIA - 32661

SECUNIA - 32006

OSVDB - 48349

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=238445

MISC - http://bugs.gentoo.org/attachment.cgi?id=166174&action=view

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899


Last Updated: 27 May 2016 10:48:25