CVE-2005-4048
Published: 7 December 2005
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Priority
Status
Package | Release | Status |
---|---|---|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Released
(3:0.cvs20050918-5ubuntu1.2)
|
edgy |
Released
(0.cvs20060823-3.1ubuntu1)
|
|
feisty |
Released
(0.cvs20060823-3.1ubuntu1)
|
|
gutsy |
Released
(0.cvs20060823-3.1ubuntu1)
|
|
hardy |
Released
(0.cvs20060823-3.1ubuntu1)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
gst-ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Released
(0.8.7-5ubuntu1)
|
edgy |
Released
(0.8.7-5ubuntu1)
|
|
feisty |
Released
(0.8.7-5ubuntu1)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
gstreamer0.10-ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Released
(0.10.1-0ubuntu2)
|
edgy |
Released
(0.10.1-0ubuntu2)
|
|
feisty |
Released
(0.10.1-0ubuntu2)
|
|
gutsy |
Released
(0.10.1-0ubuntu2)
|
|
hardy |
Released
(0.10.1-0ubuntu2)
|
|
intrepid |
Released
(0.10.1-0ubuntu2)
|
|
jaunty |
Released
(0.10.1-0ubuntu2)
|
|
karmic |
Released
(0.10.1-0ubuntu2)
|
|
upstream |
Needs triage
|
|
kino Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
edgy |
Not vulnerable
|
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Released
(0.8.6-svn20061012.debian-1ubuntu1.1)
|
|
feisty |
Released
(0.8.6.release-0ubuntu4)
|
|
gutsy |
Released
(0.8.6.release-0ubuntu4)
|
|
hardy |
Released
(0.8.6.release-0ubuntu4)
|
|
intrepid |
Released
(0.8.6.release-0ubuntu4)
|
|
jaunty |
Released
(0.8.6.release-0ubuntu4)
|
|
karmic |
Released
(0.8.6.release-0ubuntu4)
|
|
upstream |
Needs triage
|
|
xine-extracodecs Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu1-2)
|
edgy |
Released
(1.1.1+ubuntu1-2)
|
|
feisty |
Released
(1.1.1+ubuntu1-2)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu2-7.7)
|
edgy |
Released
(1.1.2+repacked1-0ubuntu3.4)
|
|
feisty |
Released
(1.1.4-2ubuntu3)
|
|
gutsy |
Released
(1.1.4-2ubuntu3)
|
|
hardy |
Released
(1.1.4-2ubuntu3)
|
|
intrepid |
Released
(1.1.4-2ubuntu3)
|
|
jaunty |
Released
(1.1.4-2ubuntu3)
|
|
karmic |
Released
(1.1.4-2ubuntu3)
|
|
upstream |
Needs triage
|