CVE-2005-4048

CVSS 7.5 - HIGH

Description

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Affected Products

5

Vendor	Product	Version
ffmpeg	ffmpeg	`0.4.6`
ffmpeg	ffmpeg	`0.4.7`
ffmpeg	ffmpeg	`0.4.8`
ffmpeg	ffmpeg	`0.4.9`
ffmpeg	ffmpeg	`cvs`

References

http://article.gmane.org/gmane.comp.video.ffmpeg.d...

http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/Ch...

http://secunia.com/advisories/17892

http://secunia.com/advisories/18066

http://secunia.com/advisories/18087

http://secunia.com/advisories/18107

http://secunia.com/advisories/18400

http://secunia.com/advisories/18739

http://secunia.com/advisories/18746

http://secunia.com/advisories/19114

http://secunia.com/advisories/19192

http://secunia.com/advisories/19272

http://secunia.com/advisories/19279

http://www.debian.org/security/2006/dsa-1004

http://www.debian.org/security/2006/dsa-1005

http://www.gentoo.org/security/en/glsa/glsa-200601...

http://www.gentoo.org/security/en/glsa/glsa-200602...

http://www.gentoo.org/security/en/glsa/glsa-200603...

http://www.mandriva.com/security/advisories?name=M...

http://www.mandriva.com/security/advisories?name=M...

Weakness Types

CWE-119

CVE Information

CVE ID:: CVE-2005-4048
Published:: 2005-12-07
Modified:: 2026-04-16
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

ffmpeg

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL