TROYANOSYVIRUS
Back to CVEs

CVE-2005-4048

N/A

Description

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

CVE Details

CVSS v3.1 ScoreN/A
Published12/7/2005
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0

Affected Products

ffmpeg:ffmpeg

Weaknesses (CWE)

CWE-119

References

http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558(cve@mitre.org)
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup(cve@mitre.org)
http://secunia.com/advisories/17892(cve@mitre.org)
http://secunia.com/advisories/18066(cve@mitre.org)
http://secunia.com/advisories/18087(cve@mitre.org)
http://secunia.com/advisories/18107(cve@mitre.org)
http://secunia.com/advisories/18400(cve@mitre.org)
http://secunia.com/advisories/18739(cve@mitre.org)
http://secunia.com/advisories/18746(cve@mitre.org)
http://secunia.com/advisories/19114(cve@mitre.org)
http://secunia.com/advisories/19192(cve@mitre.org)
http://secunia.com/advisories/19272(cve@mitre.org)
http://secunia.com/advisories/19279(cve@mitre.org)
http://www.debian.org/security/2006/dsa-1004(cve@mitre.org)
http://www.debian.org/security/2006/dsa-1005(cve@mitre.org)
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml(cve@mitre.org)
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml(cve@mitre.org)
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml(cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228(cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229(cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230(cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231(cve@mitre.org)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232(cve@mitre.org)
http://www.securityfocus.com/bid/15743(cve@mitre.org)
http://www.us.debian.org/security/2006/dsa-992(cve@mitre.org)
http://www.vupen.com/english/advisories/2005/2770(cve@mitre.org)
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg(cve@mitre.org)
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg(cve@mitre.org)
https://usn.ubuntu.com/230-1/(cve@mitre.org)
https://usn.ubuntu.com/230-2/(cve@mitre.org)
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558(af854a3a-2127-422b-91ae-364da2661108)
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17892(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18066(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18087(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18107(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18400(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18739(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18746(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19114(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19192(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19272(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19279(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1004(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1005(af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15743(af854a3a-2127-422b-91ae-364da2661108)
http://www.us.debian.org/security/2006/dsa-992(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/2770(af854a3a-2127-422b-91ae-364da2661108)
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg(af854a3a-2127-422b-91ae-364da2661108)
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/230-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/230-2/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.