Main Security Downloads Forum Free e-books Security Advisories Vulnerabilities IT News Virus Central Services Advertise Newsletter Shop Search Wap-PDA/mobile Other Affiliates Contact RSS feeds

Vendor: Mandriva Vendor ID: MDKSA-2005:230 Title: ffmpeg denial of service Publishing date: December 14, 2005 Published by: Nikola Strahija Other advisories by Mandriva: Perl log flaw Imlib2 images process crash bug KDE denial of service vulnerability Libfreetype arbitrary code execution Webmin, Usermin decoding vulnerability CVE: CVE-2005-4048     Printable version  |    Send to a friend   Security Advisory info: Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. Scroll down to see the full advisory -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:231 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ffmpeg Date : December 14, 2005 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. This can be exploited to cause a heap-based buffer overflow when a specially-crafted 1x1 ".png" file containing a palette is read. The updated packages have been patched to prevent this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 328ece4eb327ae1a8bd469e7cfd67a3e 2006.0/RPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.i586.rpm 56b14628f0c39a90e73efdd707c01abb 2006.0/RPMS/libffmpeg0-0.4.9-0.pre1.5.1.20060mdk.i586.rpm 26e70cd6bcf85d2da24ff21d23e54ec4 2006.0/RPMS/libffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk.i586.rpm 33c744c5c8b5e97b26d3a871c664f38d 2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: fffaeaf65e153d5c68ba8fc2e63f5a20 x86_64/2006.0/RPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm cfe92867d45206761c2d0442fc94438b x86_64/2006.0/RPMS/lib64ffmpeg0-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm 69a16bc824805150c1c08660421215bf x86_64/2006.0/RPMS/lib64ffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm 33c744c5c8b5e97b26d3a871c664f38d x86_64/2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.src.rpm Corporate 3.0: 8c9f945457c3c6b6ea27bdc09b551228 corporate/3.0/RPMS/ffmpeg-0.4.8-7.2.C30mdk.i586.rpm 7a18cf6e760524cdc11dcb41674de4c4 corporate/3.0/RPMS/libffmpeg0-0.4.8-7.2.C30mdk.i586.rpm a28eed315d715bf831fe4e1c4fa755b0 corporate/3.0/RPMS/libffmpeg0-devel-0.4.8-7.2.C30mdk.i586.rpm c0933f7bdd4c18c2acbc87daaa575dc7 corporate/3.0/SRPMS/ffmpeg-0.4.8-7.2.C30mdk.src.rpm Corporate 3.0/X86_64: 005b38cf84986bcb47a96eae3312196c x86_64/corporate/3.0/RPMS/ffmpeg-0.4.8-7.2.C30mdk.x86_64.rpm cd8c5a941ce2a7c8b3b1bd698627391c x86_64/corporate/3.0/RPMS/lib64ffmpeg0-0.4.8-7.2.C30mdk.x86_64.rpm 66c67e4a1bea207ecccd6b7c5336b489 x86_64/corporate/3.0/RPMS/lib64ffmpeg0-devel-0.4.8-7.2.C30mdk.x86_64.rpm c0933f7bdd4c18c2acbc87daaa575dc7 x86_64/corporate/3.0/SRPMS/ffmpeg-0.4.8-7.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDoIvSmqjQ0CJFipgRAvWxAJ9yOBnb23UJaYz6Qop3euOTW7Xr8QCg2VH2 nQECP6rdrur/l2TikKV1V30= =+fkD -----END PGP SIGNATURE-----     Printable version  |    Send to a friend

	Our Services			Information			Our Online Shop			Community Forum Topics
	Free weekly Newsletter Advertise on Xatrix Monthly News Archive Community Forum			Impressum/about Contributing Newsletter archive Latest bugs			Top sellers New Items Books Software			for micrsoft 2003 Admin Request---PHI... setting up a new se... Beautiful girls
Our Privacy Policy | Contact Us Powered by TiP / Rapid IT | HITB.org All content on this website is property of Xatrix Security if not noted otherwise. Copyright 2000 - 2010 Xatrix Security