Description
Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.
Affected products
- audiocoding / faad2 2.6.1
- audiocoding / faad2 1.1 – 1.1
- audiocoding / faad2 2.0 – 2.0
- audiocoding / faad2 2.5 – 2.5
References
- MISC: http://security.gentoo.org/glsa/glsa-200811-03.xml
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2008/09/24/6
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2008/2601
- VENDOR_ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899
- VENDOR_ADVISORY: http://secunia.com/advisories/32006
- MISC: http://www.audiocoding.com/patch/main_overflow.diff
- MISC: http://www.securityfocus.com/bid/31219
- MISC: http://bugs.gentoo.org/show_bug.cgi?id=238445
- MISC: http://www.audiocoding.com/archive.html
- MISC: http://bugs.gentoo.org/attachment.cgi?id=166174&action=view
- VENDOR_ADVISORY: http://secunia.com/advisories/32661
- MISC: http://osvdb.org/48349