Your submission was sent successfully! Close

USN-230-1: ffmpeg vulnerability

15 December 2005

ffmpeg vulnerability



Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
  • kino -
  • libavcodec-dev -

In general, a standard system update will make all the necessary changes.


Related notices