CVE-2005-4048

EPSS 5.92%
Veröffentlicht 07.12.2005 11:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 33

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version0.4.6

Ffmpeg ≫ Ffmpeg Version0.4.7

Ffmpeg ≫ Ffmpeg Version0.4.8

Ffmpeg ≫ Ffmpeg Version0.4.9

Ffmpeg ≫ Ffmpeg Versioncvs

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.92%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup

http://secunia.com/advisories/17892

Patch

Vendor Advisory

http://secunia.com/advisories/18066

Vendor Advisory

http://secunia.com/advisories/18087

Vendor Advisory

http://secunia.com/advisories/18107

Vendor Advisory

http://secunia.com/advisories/18400