This bug was fixed in the package faad2 - 2.6.1-2ubuntu0.1 --------------- faad2 (2.6.1-2ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 before 2.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. (Closes LP: #277110) * 12_heap_overflow.dpatch - Patch supplied by upstream to address vulnerability. * References http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4201 http://www.audiocoding.com/patch/main_overflow.diff CVE-2008-4201 -- Stefan Lesicnik <[EMAIL PROTECTED]> Thu, 02 Oct 2008 16:26:26 +0200 ** Changed in: faad2 (Ubuntu Hardy) Status: Fix Committed => Fix Released ** Changed in: faad2 (Ubuntu Gutsy) Status: Fix Committed => Fix Released -- [CVE-2008-4201] faad2 2.6.1 - Heap-based buffer overflow in the decodeMP4file function and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file https://bugs.launchpad.net/bugs/277110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs