CVE-2008-4201: Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service…

critical9.3CVSS 3.1

AVNACMAuNCCICAC

Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
audiocoding	faad2	<= 2.6.1	—
audiocoding	faad2	—	—
audiocoding	faad2	—	—
audiocoding	faad2	—	—
debian	faad2	< faad2 2.6.1-3.1 (bookworm)	faad2 2.6.1-3.1 (bookworm)
faad2_project	faad2	>= 0 < 2.6.1-3.1	2.6.1-3.1
faad2_project	faad2	>= 0 < 2.6.1-3.1	2.6.1-3.1
faad2_project	faad2	>= 0 < 2.6.1-3.1	2.6.1-3.1
faad2_project	faad2	>= 0 < 2.6.1-3.1	2.6.1-3.1

CVSS provenance

nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C

osv9.3CRITICAL