CVE-2005-4048

EPSS 5.92%
Published 07.12.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Affected products Warnungen 0 Metrics 2 CWE 1 References 33

Data is provided by the National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version0.4.6

Ffmpeg ≫ Ffmpeg Version0.4.7

Ffmpeg ≫ Ffmpeg Version0.4.8

Ffmpeg ≫ Ffmpeg Version0.4.9

Ffmpeg ≫ Ffmpeg Versioncvs

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.92%	0.896

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup

http://secunia.com/advisories/17892

Patch

Vendor Advisory

http://secunia.com/advisories/18066

Vendor Advisory

http://secunia.com/advisories/18087

Vendor Advisory

http://secunia.com/advisories/18107

Vendor Advisory

http://secunia.com/advisories/18400