CVE-2005-4048

Name of the Vulnerable Software and Affected Versions FFmpeg libavcodec versions 0.4.9-pre1 and earlier

Description The issue is related to a heap-based buffer overflow in the avcodec default get buffer function, located in utils.c, which can be exploited by remote attackers to execute arbitrary commands. This can be achieved through the use of specially crafted small PNG images with palettes. The vulnerability affects products that utilize the FFmpeg libavcodec, including mplayer, xine-lib, Xmovie, and GStreamer.

Recommendations For FFmpeg libavcodec versions 0.4.9-pre1 and earlier, consider disabling the avcodec default get buffer function as a temporary workaround until a patch is available. Restrict the use of small PNG images with palettes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.