Vulnerability DatabaseCVE-2005-4048
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2005-4048
December 07, 2005
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Related Resources (31)
http://www.vupen.com/english/advisories/2005/2770
http://secunia.com/advisories/19279
http://secunia.com/advisories/18400
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
https://usn.ubuntu.com/230-2/
https://usn.ubuntu.com/230-1/
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231
http://secunia.com/advisories/17892
http://www.debian.org/security/2006/dsa-1005
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
http://secunia.com/advisories/18739
http://secunia.com/advisories/18087
http://www.us.debian.org/security/2006/dsa-992
http://secunia.com/advisories/19192
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
http://secunia.com/advisories/19272
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230
http://www.debian.org/security/2006/dsa-1004
https://people.canonical.com/~ubuntu-security/cve/CVE-2005-4048
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
http://secunia.com/advisories/19114
http://secunia.com/advisories/18066
http://secunia.com/advisories/18107
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg
http://secunia.com/advisories/18746
http://www.securityfocus.com/bid/15743
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
5.92