[gstreamer-bugs] [Bug 324209] New: [CVE-2005-4048] avcodec_default_get_buffer heap overflow

Thu Dec 15 11:43:40 PST 2005

Do not reply to this via email (we are currently unable to handle email
responses and they get discarded).  You can add comments to this bug at
http://bugzilla.gnome.org/show_bug.cgi?id=324209
 GStreamer | gst-ffmpeg | Ver: 0.8.7

           Summary: [CVE-2005-4048] avcodec_default_get_buffer heap overflow
           Product: GStreamer
           Version: 0.8.7
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: Urgent
         Component: gst-ffmpeg
        AssignedTo: gstreamer-bugs at lists.sourceforge.net
        ReportedBy: lool+gnome at via.ecp.fr
         QAContact: gstreamer-bugs at lists.sourceforge.net
                CC: all-bugs at bugzilla.gnome.org

Hi,

CVE-2005-4048 was brought to my attention, this is a heap overflow in
avcodec_default_get_buffer present in gst-ffmpeg 0.8.7.

The discovery:
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558

Upstream's commit:
http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html

I'll attach a patch against 0.8.7.

Cheers,

------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.