MDKSA-2005:232
- Package name
- gstreamer-ffmpeg
- Date
- 2005-12-14
- Advisory ID
- MDKSA-2005:232
- Affected versions
- 2006.0 i586 , 2006.0 x86_64
Problem description
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial
of Service) and potentially to compromise a user's system.
The vulnerability is caused due to a boundary error in the
"avcodec_default_get_buffer()" function of "utils.c" in libavcodec.
This can be exploited to cause a heap-based buffer overflow when a
specially-crafted 1x1 ".png" file containing a palette is read.
Gstreamer-ffmpeg is built with a private copy of ffmpeg containing
this same code.
The updated packages have been patched to prevent this problem.
Updated packages
2006.0 i586
1e7f7ad8be3efcc5152901d1de9050c7 2006.0/RPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.i586.rpm 2923eb22aafa7aedd073516e47a7d94f 2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.src.rpm
2006.0 x86_64
617b165113eb1af7e805d7c2423a771b x86_64/2006.0/RPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.x86_64.rpm 2923eb22aafa7aedd073516e47a7d94f x86_64/2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.1.20060mdk.src.rpm