Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Mandriva Security Update Fixes FFmpeg Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes FFmpeg Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2901
CVE ID : CVE-2005-4048
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-15

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Mandriva has released updated packages to address a vulnerability identified in FFmpeg. This flaw is due to a buffer overflow error in the "avcodec_default_get_buffer()" [utils.c] function of FFmpeg libavcodec that does not properly handle specially crafted "png" files, which could be exploited by remote attackers to execute arbitrary commands via a malicious image. For additional information, see : VUPEN/ADV-2005-2770

Affected Products

Mandriva Linux 2006.0
Corporate 3.0

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
328ece4eb327ae1a8bd469e7cfd67a3e 2006.0/RPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.i586.rpm
56b14628f0c39a90e73efdd707c01abb 2006.0/RPMS/libffmpeg0-0.4.9-0.pre1.5.1.20060mdk.i586.rpm
26e70cd6bcf85d2da24ff21d23e54ec4 2006.0/RPMS/libffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk.i586.rpm
33c744c5c8b5e97b26d3a871c664f38d 2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
fffaeaf65e153d5c68ba8fc2e63f5a20 x86_64/2006.0/RPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm
cfe92867d45206761c2d0442fc94438b x86_64/2006.0/RPMS/lib64ffmpeg0-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm
69a16bc824805150c1c08660421215bf x86_64/2006.0/RPMS/lib64ffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk.x86_64.rpm
33c744c5c8b5e97b26d3a871c664f38d x86_64/2006.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.1.20060mdk.src.rpm

Corporate 3.0:
8c9f945457c3c6b6ea27bdc09b551228 corporate/3.0/RPMS/ffmpeg-0.4.8-7.2.C30mdk.i586.rpm
7a18cf6e760524cdc11dcb41674de4c4 corporate/3.0/RPMS/libffmpeg0-0.4.8-7.2.C30mdk.i586.rpm
a28eed315d715bf831fe4e1c4fa755b0 corporate/3.0/RPMS/libffmpeg0-devel-0.4.8-7.2.C30mdk.i586.rpm
c0933f7bdd4c18c2acbc87daaa575dc7 corporate/3.0/SRPMS/ffmpeg-0.4.8-7.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
005b38cf84986bcb47a96eae3312196c x86_64/corporate/3.0/RPMS/ffmpeg-0.4.8-7.2.C30mdk.x86_64.rpm
cd8c5a941ce2a7c8b3b1bd698627391c x86_64/corporate/3.0/RPMS/lib64ffmpeg0-0.4.8-7.2.C30mdk.x86_64.rpm
66c67e4a1bea207ecccd6b7c5336b489 x86_64/corporate/3.0/RPMS/lib64ffmpeg0-devel-0.4.8-7.2.C30mdk.x86_64.rpm
c0933f7bdd4c18c2acbc87daaa575dc7 x86_64/corporate/3.0/SRPMS/ffmpeg-0.4.8-7.2.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2005/2901
http://www.frsirt.com/english/reference/2541

ChangeLog

2005-12-15 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy