A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libavcodec-dev kino
The problem can be corrected by upgrading the affected package to version 3:0.cvs20050121-1ubuntu1.1 (libavcodec-dev), and 0.75-6ubuntu0.1 (kino). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.