Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:229: xmovie Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xmovie package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:229 (xmovie).
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a user's system. The vulnerability is caused by a
boundary error in the 'avcodec_default_get_buffer()' function of 'utils.c' in
libavcodec. This can be exploited to cause a heap-based buffer overflow when a
specially crafted 1x1 '.png' file containing a palette is read. Xmovie is built
with a private copy of FFmpeg containing this same code. The updated packages
have been patched to prevent this problem.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:229
Threat Level: High