VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 7, 2005· Updated Apr 16, 2026

CVE-2005-4048

CVE-2005-4048

Description

Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

Affected products

5
  • FFmpeg/Ffmpeg5 versions
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

30

News mentions

0

No linked articles in our index yet.