Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10666
HistoryDec 16, 2005 - 12:00 a.m.

MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability

2005-12-1600:00:00
vulners.com
12
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDKSA-2005:229
http://www.mandriva.com/security/

Package : xmovie
Date : December 14, 2005
Affected: 2006.0, Corporate 3.0

Problem Description:

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial
of Service) and potentially to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"avcodec_default_get_buffer()" function of "utils.c" in libavcodec.
This can be exploited to cause a heap-based buffer overflow when a
specially-crafted 1x1 ".png" file containing a palette is read.

Xmovie is built with a private copy of ffmpeg containing this
same code.

The updated packages have been patched to prevent this problem.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

Updated Packages:

Mandriva Linux 2006.0:
b6b3622d949af833f6fbb5b89a32a10d 2006.0/RPMS/xmovie-1.9.13-2.2.20060mdk.i586.rpm
48f0b55b1d8547eb77d3f4cf9787544b 2006.0/SRPMS/xmovie-1.9.13-2.2.20060mdk.src.rpm

Corporate 3.0:
3fae159ac8ab7aa190d341868009e3c6 corporate/3.0/RPMS/xmovie-1.9.11-1.2.C30mdk.i586.rpm
18674dd3aff5f923ac327bbf134aca8c corporate/3.0/SRPMS/xmovie-1.9.11-1.2.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDoImJmqjQ0CJFipgRAjvUAKCnN0bVkbd9HsA8+KgveXVd9DVKdwCfa0Hm
7jgGjjBwWM6iVdgSewMJviw=
=JTeK
-----END PGP SIGNATURE-----

Related

nessus 18
debian 6
gentoo 3
ubuntu 2
openvas 9
securityvulns 4
osv 2
debiancve 2
cve 3
ubuntucve 3
slackware 1
nessus
nessus
Mandrake Linux Security Advisory : ffmpeg (MDKSA-2005:231)
2006-01-15 00:00:00
Debian DSA-1004-1 : vlc - buffer overflow
2006-10-14 00:00:00
Debian DSA-1005-1 : xine-lib - buffer overflow
2006-10-14 00:00:00
debian
debian
[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution
2006-03-10 12:11:41
[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution
2006-03-16 16:16:44
[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution
2006-03-10 12:11:41
gentoo
gentoo
xine-lib, FFmpeg: Heap-based buffer overflow
2006-01-10 00:00:00
GStreamer FFmpeg plugin: Heap-based buffer overflow
2006-02-05 00:00:00
MPlayer: Multiple integer overflows
2006-03-04 00:00:00
ubuntu
ubuntu
ffmpeg vulnerability
2005-12-15 00:00:00
ffmpeg/xine-lib vulnerability
2005-12-16 00:00:00
openvas
openvas
Debian Security Advisory DSA 1004-1 (vlc)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200601-06 (xine-lib ffmpeg)
2008-09-24 00:00:00
Debian Security Advisory DSA 1005-1 (xine-lib)
2008-01-17 00:00:00
securityvulns
securityvulns
MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability
2005-12-16 00:00:00
MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability
2005-12-16 00:00:00
MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability
2005-12-16 00:00:00
osv
osv
vlc - buffer overflow
2006-03-16 00:00:00
xine-lib - buffer overflow
2006-03-16 00:00:00
debiancve
debiancve
CVE-2005-4048
2005-12-07 11:03:00
CVE-2006-4800
2006-09-14 22:07:00
cve
cve
CVE-2005-4048
2005-12-07 11:03:00
CVE-2006-4799
2006-09-14 21:07:00
CVE-2006-4800
2006-09-14 22:07:00
ubuntucve
ubuntucve
CVE-2005-4048
2005-12-07 00:00:00
CVE-2006-4800
2006-09-14 00:00:00
CVE-2006-4799
2006-09-14 00:00:00
slackware
slackware
[slackware-security] xine-lib
2006-07-26 21:25:49
JSON
Related for SECURITYVULNS:DOC:10666
nessus18debian6gentoo3ubuntu2openvas9securityvulns4osv2debiancve2cve3ubuntucve3slackware1