Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4048
Last Modified 17 Oct 2011 12:00:00
Published 07 Dec 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4048

Summary

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Vulnerable Systems

Application

  • FFmpeg 0.4.6

  • FFmpeg 0.4.7

  • FFmpeg 0.4.8

  • FFmpeg 0.4.9 Pre1

  • FFmpeg CVS


References

BID - 15743

SECUNIA - 17892

CONFIRM - http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg

CONFIRM - http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg

VUPEN - ADV-2005-2770

DEBIAN - DSA-992

UBUNTU - USN-230-2

UBUNTU - USN-230-1

MANDRIVA - MDKSA-2005:232

MANDRIVA - MDKSA-2005:231

MANDRIVA - MDKSA-2005:230

MANDRIVA - MDKSA-2005:229

MANDRIVA - MDKSA-2005:228

GENTOO - GLSA-200603-03

GENTOO - GLSA-200602-01

GENTOO - GLSA-200601-06

DEBIAN - DSA-1005

DEBIAN - DSA-1004

SECUNIA - 19279

SECUNIA - 19272

SECUNIA - 19192

SECUNIA - 19114

SECUNIA - 18746

SECUNIA - 18739

SECUNIA - 18400

SECUNIA - 18107

SECUNIA - 18087

SECUNIA - 18066

CONFIRM - http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup

MISC - http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558


Last Updated: 27 May 2016 10:41:10