aru Posted December 15, 2005 Report Share Posted December 15, 2005 Mandriva Advisories MDKSA-2005:232 : gstreamer-ffmpeg Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability December 14th, 2005 Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Gstreamer-ffmpeg is built with a private copy of ffmpeg containing this same code. The updated packages have been patched to prevent this problem. The released versions of Mandriva GNU/Linux affected are: 2006.0Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:232 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts