CVE-2005-4048
published 2005-12-07

Priority: P340 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 5.21% (91.5th percentile)

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Affected

30 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ffmpeg | < ffmpeg 0.cvs20060329-1 (bookworm) | ffmpeg 0.cvs20060329-1 (bookworm) |
| debian | ffmpeg | < ffmpeg 0.cvs20050918-5.1 (bookworm) | ffmpeg 0.cvs20050918-5.1 (bookworm) |
| debian | mplayer | < ffmpeg 0.cvs20060329-1 (bookworm) | ffmpeg 0.cvs20060329-1 (bookworm) |
| debian | mplayer | < ffmpeg 0.cvs20050918-5.1 (bookworm) | ffmpeg 0.cvs20050918-5.1 (bookworm) |
| debian | vlc | < ffmpeg 0.cvs20050918-5.1 (bookworm) | ffmpeg 0.cvs20050918-5.1 (bookworm) |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20050918-5.1 | 0.cvs20050918-5.1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20050918-5.1 | 0.cvs20050918-5.1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20050918-5.1 | 0.cvs20050918-5.1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20060329-1 | 0.cvs20060329-1 |
| ffmpeg | ffmpeg | >= 0 < 0.cvs20050918-5.1 | 0.cvs20050918-5.1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-1 | 1.0~rc1-1 |
| videolan | vlc_media_player | >= 0 < 0.8.4.debian-2 | 0.8.4.debian-2 |
| videolan | vlc_media_player | >= 0 < 0.8.4.debian-2 | 0.8.4.debian-2 |
| videolan | vlc_media_player | >= 0 < 0.8.4.debian-2 | 0.8.4.debian-2 |

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 MEDIUM