Описание
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ffmpeg | fixed | 0.cvs20050918-5.1 | package | |
| xmovie | removed | package | ||
| xine-lib | fixed | 1.0.1-1.5 | package | |
| mplayer | not-affected | package | ||
| gst-ffmpeg | fixed | 0.8.7-5 | package | |
| vlc | fixed | 0.8.4.debian-2 | package |
Примечания
kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
EPSS
Связанные уязвимости
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Уязвимость функции avcodec_default_get_buffer (utils.c) библиотеки Libavcodec из состава мультимедийных библиотек Ffmpeg, позволяющая нарушителю выполнить произвольный код
EPSS