FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- libavcodec buffer overflow vulnerability

Affected packages
ffmpeg < 0.4.9.p1_4
ffmpeg-devel < 0.4.9.c.2005120600


VuXML ID: 964161cd-6715-11da-99f6-00123ffe8333
Discovery: 2005-11-30
Entry: 2005-12-07

Secunia reports:

Simon Kilvington has reported a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read.