VDB
CVE-2005-4048
CVE-2005-4048
PUBLISHED
CVSS 7.5 HIGH
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
EPSS 5.25% · 90.2th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
5.25%
90.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| ffmpeg | ffmpeg | 0.4.7, 0.4.8, 0.4.9 |
Timeline
- Dec 7, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- DSA-992 vendor-advisory
- GLSA-200602-01 vendor-advisory
- MDKSA-2005:229 vendor-advisory
- MDKSA-2005:232 vendor-advisory
- 19272 third-party-advisory
- USN-230-1 vendor-advisory
- DSA-1005 vendor-advisory
- 19114 third-party-advisory
- GLSA-200601-06 vendor-advisory
- 18087 third-party-advisory
- ADV-2005-2770 vdb
- http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg url
- http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup url
- 18400 third-party-advisory
- MDKSA-2005:230 vendor-advisory
- GLSA-200603-03 vendor-advisory
- 17892 third-party-advisory
- 18746 third-party-advisory
- MDKSA-2005:228 vendor-advisory
- 19192 third-party-advisory
…and 13 more