RSS   Podatności dla 'Ffjpeg'   RSS

2022-05-05
 
CVE-2022-28471

CWE-190
 

 
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38

 
2022-03-10
 
CVE-2021-34122

CWE-476
 

 
The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.

 
2022-02-11
 
CVE-2021-45385

CWE-476
 

 
A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438.

 
2022-02-08
 
CVE-2021-44956

CWE-787
 

 
Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file.

 
 
CVE-2021-44957

CWE-120
 

 
Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file.

 
2021-05-18
 
CVE-2020-23851

CWE-787
 

 
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.

 
 
CVE-2020-23852

CWE-787
 

 
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.

 
2020-07-01
 
CVE-2020-15470

CWE-787
 

 
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.

 
2020-05-24
 
CVE-2020-13440

CWE-787
 

 
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

 
 
CVE-2020-13439

CWE-125
 

 
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

 


Copyright 2022, cxsecurity.com

 

Back to Top