Vulnerability Description
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | 0.4.6 |
Related Weaknesses (CWE)
References
- http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
- http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
- http://secunia.com/advisories/17892 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18066 (Vendor Advisory)
- http://secunia.com/advisories/18087 (Vendor Advisory)
- http://secunia.com/advisories/18107 (Vendor Advisory)
- http://secunia.com/advisories/18400 (Vendor Advisory)
- http://secunia.com/advisories/18739 (Vendor Advisory)
- http://secunia.com/advisories/18746 (Vendor Advisory)
- http://secunia.com/advisories/19114 (Vendor Advisory)
- http://secunia.com/advisories/19192 (Vendor Advisory)
- http://secunia.com/advisories/19272 (Vendor Advisory)
- http://secunia.com/advisories/19279 (Vendor Advisory)
- http://www.debian.org/security/2006/dsa-1004
- http://www.debian.org/security/2006/dsa-1005
FAQ
What is CVE-2005-4048?
CVE-2005-4048 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) ...
How severe is CVE-2005-4048?
CVE-2005-4048 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4048?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.