USN-230-1: ffmpeg vulnerability

Referenced CVEs: 
CVE-2005-4048
Description: 
===========================================================
Ubuntu Security Notice USN-230-1          December 14, 2005
ffmpeg vulnerability
CVE-2005-4048
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libavcodec-dev
kino

The problem can be corrected by upgrading the affected package to version 3:0.cvs20050121-1ubuntu1.1 (libavcodec-dev), and 0.75-6ubuntu0.1 (kino). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking a user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.