Vulnerability Name:

CVE-2005-4048 (CCN-23502)

Assigned:2005-11-30
Published:2005-11-30
Updated:2018-10-30
Summary:Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: ffmpeg-devel Mailing List, 2005-11-30 14:11:08 GMT
PIX_FMT_PAL8 seg fault

Source: MISC
Type: UNKNOWN
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

Source: MITRE
Type: CNA
CVE-2005-4048

Source: CONFIRM
Type: UNKNOWN
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup

Source: CCN
Type: FFmpeg Web page
FFmpeg

Source: CCN
Type: SA17892
FFmpeg libavcodec Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
17892

Source: SECUNIA
Type: Vendor Advisory
18066

Source: CCN
Type: SA18087
xine-lib FFmpeg libavcodec Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18087

Source: SECUNIA
Type: Vendor Advisory
18107

Source: SECUNIA
Type: Vendor Advisory
18400

Source: CCN
Type: SA18739
GStreamer FFmpeg Plug-in libavcodec Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
18739

Source: SECUNIA
Type: Vendor Advisory
18746

Source: SECUNIA
Type: Vendor Advisory
19114

Source: SECUNIA
Type: Vendor Advisory
19192

Source: SECUNIA
Type: Vendor Advisory
19272

Source: SECUNIA
Type: Vendor Advisory
19279

Source: DEBIAN
Type: UNKNOWN
DSA-1004

Source: DEBIAN
Type: UNKNOWN
DSA-1005

Source: DEBIAN
Type: DSA-1004
vlc -- buffer overflow

Source: DEBIAN
Type: DSA-1005
xine-lib -- buffer overflow

Source: DEBIAN
Type: DSA-992
ffmpeg -- buffer overflow

Source: CCN
Type: GLSA-200601-06
xine-lib, FFmpeg: Heap-based buffer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200601-06

Source: CCN
Type: GLSA-200602-01
GStreamer FFmpeg plugin: Heap-based buffer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200602-01

Source: CCN
Type: GLSA-200603-03
MPlayer: Multiple integer overflows

Source: GENTOO
Type: UNKNOWN
GLSA-200603-03

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:228

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:229

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:230

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:231

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:232

Source: CCN
Type: OSVDB ID: 21458
FFmpeg libavcodec avcodec_default_get_buffer Function Overflow

Source: CCN
Type: OSVDB ID: 29312
FFmpeg libavcodec Multiple Overflows

Source: CCN
Type: OSVDB ID: 29553
FFmpeg Crafted "bad indexes" AVI Arbitrary Code Execution

Source: BID
Type: Patch
15743

Source: CCN
Type: BID-15743
FFmpeg LibAVCodec Heap Buffer Overflow Vulnerability

Source: CCN
Type: USN-230-1
ffmpeg vulnerability

Source: CCN
Type: USN-230-2
ffmpeg/xine-lib vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-992

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2770

Source: CONFIRM
Type: UNKNOWN
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg

Source: CCN
Type: FFmpeg CVS Repository
CVS log for ffmpeg/libavcodec/utils.c

Source: CONFIRM
Type: UNKNOWN
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg

Source: CCN
Type: xine Web site
xine - A Free Video Player - News - xine-lib 1.1.2

Source: XF
Type: UNKNOWN
ffmpeg-libavcodec-bo(23502)

Source: UBUNTU
Type: UNKNOWN
USN-230-1

Source: UBUNTU
Type: UNKNOWN
USN-230-2

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.debian:def:1004 | V | buffer overflow | 2006-03-16
    oval:org.debian:def:1005 | V | buffer overflow | 2006-03-16
    oval:org.debian:def:992 | V | buffer overflow | 2006-03-10