Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-4048

Published: 07/12/2005 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ffmpeg

Vulnerability Summary

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and previous versions, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote malicious users to execute arbitrary commands via small PNG images with palettes.

Vulnerable Product Search on Vulmon Subscribe to Product

ffmpeg ffmpeg 0.4.8

ffmpeg ffmpeg 0.4.9

ffmpeg ffmpeg 0.4.6

ffmpeg ffmpeg 0.4.7

ffmpeg ffmpeg cvs

Vendor Advisories

Debian CVElist Bug Report Logs: ffmpeg: Exploitable heap overflow in libavcodec's image handling
Debian Bug report logs - #342207 ffmpeg: Exploitable heap overflow in libavcodec's image handling Package: ffmpeg; Maintainer for ffmpeg is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for ffmpeg is src:ffmpeg (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: T ...
Ubuntu Security Notice: ffmpeg vulnerability
Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user’s privileges ...
Ubuntu Security Notice: xine-lib vulnerability
USN-230-1 fixed a vulnerability in the ffmpeg library The Xine library contains a copy of the ffmpeg code, thus it is vulnerable to the same flaw ...
Debian Security Advisories: DSA-1005-1 xine-lib -- buffer overflow
Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code xine-lib includes a local copy of libavcodec The old stable distribution (woody) isn't affected by this problem For the stable distribution (sarge) this probl ...
Debian Security Advisories: DSA-992-1 ffmpeg -- buffer overflow
Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code The old stable distribution (woody) doesn't contain ffmpeg packages For the stable distribution (sarge) this problem has been fixed in version 0cvs20050313-2s ...
Debian Security Advisories: DSA-1004-1 vlc -- buffer overflow
Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code The vlc media player links statically against libavcodec The old stable distribution (woody) isn't affected by this problem For the stable distribution (sarge ...

References

CWE-119http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeghttp://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeghttp://www.securityfocus.com/bid/15743http://secunia.com/advisories/17892http://secunia.com/advisories/18066http://secunia.com/advisories/18107http://secunia.com/advisories/18087http://www.gentoo.org/security/en/glsa/glsa-200602-01.xmlhttp://secunia.com/advisories/18739http://secunia.com/advisories/18746http://www.gentoo.org/security/en/glsa/glsa-200603-03.xmlhttp://secunia.com/advisories/19114http://www.us.debian.org/security/2006/dsa-992http://secunia.com/advisories/19192http://www.debian.org/security/2006/dsa-1004http://www.debian.org/security/2006/dsa-1005http://secunia.com/advisories/19272http://secunia.com/advisories/19279http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markuphttp://www.gentoo.org/security/en/glsa/glsa-200601-06.xmlhttp://secunia.com/advisories/18400http://www.mandriva.com/security/advisories?name=MDKSA-2005:228http://www.mandriva.com/security/advisories?name=MDKSA-2005:229http://www.mandriva.com/security/advisories?name=MDKSA-2005:230http://www.mandriva.com/security/advisories?name=MDKSA-2005:231http://www.mandriva.com/security/advisories?name=MDKSA-2005:232http://www.vupen.com/english/advisories/2005/2770https://usn.ubuntu.com/230-2/https://usn.ubuntu.com/230-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342207https://nvd.nist.govhttps://usn.ubuntu.com/230-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook