{ "schema_version": "1.4.0", "id": "GHSA-f7pg-m34f-mphj", "modified": "2025-04-03T04:21:23Z", "published": "2022-05-01T02:23:52Z", "aliases": [ "CVE-2005-4048" ], "details": "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4048" }, { "type": "WEB", "url": "https://usn.ubuntu.com/230-1" }, { "type": "WEB", "url": "https://usn.ubuntu.com/230-2" }, { "type": "WEB", "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558" }, { "type": "WEB", "url": "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup" }, { "type": "WEB", "url": "http://secunia.com/advisories/17892" }, { "type": "WEB", "url": "http://secunia.com/advisories/18066" }, { "type": "WEB", "url": "http://secunia.com/advisories/18087" }, { "type": "WEB", "url": "http://secunia.com/advisories/18107" }, { "type": "WEB", "url": "http://secunia.com/advisories/18400" }, { "type": "WEB", "url": "http://secunia.com/advisories/18739" }, { "type": "WEB", "url": "http://secunia.com/advisories/18746" }, { "type": "WEB", "url": "http://secunia.com/advisories/19114" }, { "type": "WEB", "url": "http://secunia.com/advisories/19192" }, { "type": "WEB", "url": "http://secunia.com/advisories/19272" }, { "type": "WEB", "url": "http://secunia.com/advisories/19279" }, { "type": "WEB", "url": "http://www.debian.org/security/2006/dsa-1004" }, { "type": "WEB", "url": "http://www.debian.org/security/2006/dsa-1005" }, { "type": "WEB", "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml" }, { "type": "WEB", "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml" }, { "type": "WEB", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:228" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:229" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:230" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:231" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:232" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/15743" }, { "type": "WEB", "url": "http://www.us.debian.org/security/2006/dsa-992" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2005/2770" }, { "type": "WEB", "url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg" }, { "type": "WEB", "url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg" } ], "database_specific": { "cwe_ids": [ "CWE-119" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2005-12-07T11:03:00Z" } }