CVE-2008-4201Improper Restriction of Operations within the Bounds of a Memory Buffer in Faad2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
6.6%
top 8.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Faad2 Project Faad2Audiocoding Faad2
Timeline
PublishedSep 24
Latest updateMay 2

Description

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianfaad2_project/faad2< 2.6.1-3.1+3
NVDaudiocoding/faad22.6.1+3

🔴Vulnerability Details

3
GHSA
GHSA-v676-q56x-42jv: Heap-based buffer overflow in the decodeMP4file function (frontend/main2022-05-02
CVEList
CVE-2008-4201: Heap-based buffer overflow in the decodeMP4file function (frontend/main2008-09-24
OSV
CVE-2008-4201: Heap-based buffer overflow in the decodeMP4file function (frontend/main2008-09-24

📋Vendor Advisories

1
Debian
CVE-2008-4201: faad2 - Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FA...2008
CVE-2008-4201 — Audiocoding Faad2 vulnerability | cvebase