Vulnerability details: VCID-fvn3-gpwg-aaae
Vulnerability ID VCID-fvn3-gpwg-aaae
Aliases CVE-2005-4048
Summary Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
epss 0.01087 https://api.first.org/data/v1/epss?cve=CVE-2005-4048
epss 0.01524 https://api.first.org/data/v1/epss?cve=CVE-2005-4048
epss 0.02535 https://api.first.org/data/v1/epss?cve=CVE-2005-4048
epss 0.05923 https://api.first.org/data/v1/epss?cve=CVE-2005-4048
epss 0.07336 https://api.first.org/data/v1/epss?cve=CVE-2005-4048
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-4048
Reference id Reference type URL
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558
http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup
https://api.first.org/data/v1/epss?cve=CVE-2005-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
http://secunia.com/advisories/17892
http://secunia.com/advisories/18066
http://secunia.com/advisories/18087
http://secunia.com/advisories/18107
http://secunia.com/advisories/18400
http://secunia.com/advisories/18739
http://secunia.com/advisories/18746
http://secunia.com/advisories/19114
http://secunia.com/advisories/19192
http://secunia.com/advisories/19272
http://secunia.com/advisories/19279
https://usn.ubuntu.com/230-1/
https://usn.ubuntu.com/230-2/
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg
http://www.debian.org/security/2006/dsa-1004
http://www.debian.org/security/2006/dsa-1005
http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:228
http://www.mandriva.com/security/advisories?name=MDKSA-2005:229
http://www.mandriva.com/security/advisories?name=MDKSA-2005:230
http://www.mandriva.com/security/advisories?name=MDKSA-2005:231
http://www.mandriva.com/security/advisories?name=MDKSA-2005:232
http://www.securityfocus.com/bid/15743
http://www.us.debian.org/security/2006/dsa-992
http://www.vupen.com/english/advisories/2005/2770
342207 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342207
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*
CVE-2005-4048 https://nvd.nist.gov/vuln/detail/CVE-2005-4048
GLSA-200601-06 https://security.gentoo.org/glsa/200601-06
GLSA-200602-01 https://security.gentoo.org/glsa/200602-01
GLSA-200603-03 https://security.gentoo.org/glsa/200603-03
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-4048
Exploit Prediction Scoring System (EPSS)
Percentile 0.84866
EPSS Score 0.01087
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.