Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ffjpeg
(Rockcarry)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-24 | CVE-2020-13438 | ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. | Ffjpeg | 6.5 | ||
| 2020-05-24 | CVE-2020-13439 | ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. | Ffjpeg | 6.5 | ||
| 2020-05-24 | CVE-2020-13440 | ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. | Ffjpeg | 6.5 | ||
| 2020-07-01 | CVE-2020-15470 | ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. | Ffjpeg | 5.5 | ||
| 2021-05-18 | CVE-2020-23851 | A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image. | Ffjpeg | 5.5 | ||
| 2021-05-18 | CVE-2020-23852 | A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image. | Ffjpeg | 5.5 | ||
| 2021-07-15 | CVE-2020-23705 | A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | Ffjpeg | 6.5 | ||
| 2022-02-08 | CVE-2021-44956 | Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. | Ffjpeg | 6.5 | ||
| 2022-02-08 | CVE-2021-44957 | Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file. | Ffjpeg | 6.5 | ||
| 2022-02-11 | CVE-2021-45385 | A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. | Ffjpeg | 6.5 |