Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Ffmpeg
  • Ffmpeg

Configuration 1 [-]

OR cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*
References
Link Resource
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
http://secunia.com/advisories/17892 Patch Vendor Advisory
http://secunia.com/advisories/18066 Vendor Advisory
http://secunia.com/advisories/18087 Vendor Advisory
http://secunia.com/advisories/18107 Vendor Advisory
http://secunia.com/advisories/18400 Vendor Advisory
http://secunia.com/advisories/18739 Vendor Advisory
http://secunia.com/advisories/18746 Vendor Advisory
http://secunia.com/advisories/19114 Vendor Advisory
http://secunia.com/advisories/19192 Vendor Advisory
http://secunia.com/advisories/19272 Vendor Advisory
http://secunia.com/advisories/19279 Vendor Advisory
http://www.debian.org/security/2006/dsa-1004
http://www.debian.org/security/2006/dsa-1005
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232
http://www.securityfocus.com/bid/15743 Patch
http://www.us.debian.org/security/2006/dsa-992
http://www.vupen.com/english/advisories/2005/2770 Vendor Advisory
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg
https://usn.ubuntu.com/230-1/
https://usn.ubuntu.com/230-2/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-07T11:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2005-12-07T00:00:00

Link: CVE-2005-4048

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2005-12-07T11:03:00.000

Modified: 2018-10-30T16:25:34.370

Link: CVE-2005-4048

JSON object: View

cve-icon Redhat Information

No data.

CWE