Product:

Ffjpeg

(Rockcarry)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 19
Date Id Summary Products Score Patch Annotated
2022-02-11 CVE-2021-45385 A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. Ffjpeg 6.5
2022-03-10 CVE-2021-34122 The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. Ffjpeg 5.5
2022-05-05 CVE-2022-28471 In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 Ffjpeg 6.5
2023-08-11 CVE-2020-24222 Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. Ffjpeg 7.8
2018-09-10 CVE-2018-16781 ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. Ffjpeg 6.5
2019-09-16 CVE-2019-16350 ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Ffjpeg 6.5
2019-09-16 CVE-2019-16351 ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. Ffjpeg 6.5
2019-09-16 CVE-2019-16352 ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. Ffjpeg 6.5
2019-12-18 CVE-2019-19887 bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Ffjpeg 6.5
2019-12-18 CVE-2019-19888 jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. Ffjpeg 6.5