Simon Kilvington

**Name of the Vulnerable Software and Affected Versions** FFmpeg libavcodec versions 0.4.9-pre1 and earlier **Description** The issue is related to a heap-based buffer overflow in the `avcodec default get buffer` function, located in `utils.c`, which can be exploited by remote attackers to execute arbitrary commands. This can be achieved through the use of specially crafted small PNG images with palettes. The vulnerability affects products that utilize the FFmpeg libavcodec, including mplayer, xine-lib, Xmovie, and GStreamer. **Recommendations** For FFmpeg libavcodec versions 0.4.9-pre1 and earlier, consider disabling the `avcodec default get buffer` function as a temporary workaround until a patch is available. Restrict the use of small PNG images with palettes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.