OpenCVE

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

OR	cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:cvs:::::::*

No data.

References

Link	Providers
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
http://secunia.com/advisories/17892
http://secunia.com/advisories/18066
http://secunia.com/advisories/18087
http://secunia.com/advisories/18107
http://secunia.com/advisories/18400
http://secunia.com/advisories/18739
http://secunia.com/advisories/18746
http://secunia.com/advisories/19114
http://secunia.com/advisories/19192
http://secunia.com/advisories/19272
http://secunia.com/advisories/19279
http://www.debian.org/security/2006/dsa-1004
http://www.debian.org/security/2006/dsa-1005
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232
http://www.securityfocus.com/bid/15743
http://www.us.debian.org/security/2006/dsa-992
http://www.vupen.com/english/advisories/2005/2770
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg
https://usn.ubuntu.com/230-1/
https://usn.ubuntu.com/230-2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-07T11:00:00

Updated: 2024-08-07T23:31:48.965Z

Reserved: 2005-12-07T00:00:00

Link: CVE-2005-4048

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-07T11:03:00.000

Modified: 2018-10-30T16:25:34.370

Link: CVE-2005-4048

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object