FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- libavcodec buffer overflow vulnerability

Affected packages
ffmpeg < 0.4.9.p1_4
ffmpeg-devel < 0.4.9.c.2005120600

Details

VuXML ID 964161cd-6715-11da-99f6-00123ffe8333
Discovery 2005-11-30
Entry 2005-12-07

Secunia reports:

Simon Kilvington has reported a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read.

References

URL http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
URL http://secunia.com/advisories/17892/