Vulnerability CVE-2005-4048 - CERT Civis.Net

Vulnerability Name:

CVE-2005-4048 (CCN-23502)

Assigned:

2005-11-30

Published:

2005-11-30

Updated:

2018-10-30

Summary:

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: ffmpeg-devel Mailing List, 2005-11-30 14:11:08 GMT
PIX_FMT_PAL8 seg fault

Source: MISC
Type: UNKNOWN
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

Source: MITRE
Type: CNA
CVE-2005-4048

Source: CONFIRM
Type: UNKNOWN
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup

Source: CCN
Type: FFmpeg Web page
FFmpeg

Source: CCN
Type: SA17892
FFmpeg libavcodec Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
17892

Source: SECUNIA
Type: Vendor Advisory
18066

Source: CCN
Type: SA18087
xine-lib FFmpeg libavcodec Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18087

Source: SECUNIA
Type: Vendor Advisory
18107

Source: SECUNIA
Type: Vendor Advisory
18400

Source: CCN
Type: SA18739
GStreamer FFmpeg Plug-in libavcodec Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
18739

Source: SECUNIA
Type: Vendor Advisory
18746

Source: SECUNIA
Type: Vendor Advisory
19114

Source: SECUNIA
Type: Vendor Advisory
19192

Source: SECUNIA
Type: Vendor Advisory
19272

Source: SECUNIA
Type: Vendor Advisory
19279

Source: DEBIAN
Type: UNKNOWN
DSA-1004

Source: DEBIAN
Type: UNKNOWN
DSA-1005

Source: DEBIAN
Type: DSA-1004
vlc -- buffer overflow

Source: DEBIAN
Type: DSA-1005
xine-lib -- buffer overflow

Source: DEBIAN
Type: DSA-992
ffmpeg -- buffer overflow

Source: CCN
Type: GLSA-200601-06
xine-lib, FFmpeg: Heap-based buffer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200601-06

Source: CCN
Type: GLSA-200602-01
GStreamer FFmpeg plugin: Heap-based buffer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200602-01

Source: CCN
Type: GLSA-200603-03
MPlayer: Multiple integer overflows

Source: GENTOO
Type: UNKNOWN
GLSA-200603-03

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:228

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:229

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:230

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:231

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:232

Source: CCN
Type: OSVDB ID: 21458
FFmpeg libavcodec avcodec_default_get_buffer Function Overflow

Source: CCN
Type: OSVDB ID: 29312
FFmpeg libavcodec Multiple Overflows

Source: CCN
Type: OSVDB ID: 29553
FFmpeg Crafted "bad indexes" AVI Arbitrary Code Execution

Source: BID
Type: Patch
15743

Source: CCN
Type: BID-15743
FFmpeg LibAVCodec Heap Buffer Overflow Vulnerability

Source: CCN
Type: USN-230-1
ffmpeg vulnerability

Source: CCN
Type: USN-230-2
ffmpeg/xine-lib vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-992

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2770

Source: CONFIRM
Type: UNKNOWN
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg

Source: CCN
Type: FFmpeg CVS Repository
CVS log for ffmpeg/libavcodec/utils.c

Source: CONFIRM
Type: UNKNOWN
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg

Source: CCN
Type: xine Web site
xine - A Free Video Player - News - xine-lib 1.1.2

Source: XF
Type: UNKNOWN
ffmpeg-libavcodec-bo(23502)

Source: UBUNTU
Type: UNKNOWN
USN-230-1

Source: UBUNTU
Type: UNKNOWN
USN-230-2

Vulnerable Configuration:

Configuration 1:

cpe:/a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*

OR cpe:/a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*

OR cpe:/a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*

OR cpe:/a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*

OR cpe:/a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:1004	V	buffer overflow	2006-03-16
oval:org.debian:def:1005	V	buffer overflow	2006-03-16
oval:org.debian:def:992	V	buffer overflow	2006-03-10