Ffjpeg · Ffjpeg · CVE-2020-23705
**Name of the Vulnerable Software and Affected Versions**
ffjpeg versions through 2020-06-22
**Description**
A global buffer overflow vulnerability in the `jfif_encode()` function at `jfif.c:701` of the ffjpeg library allows attackers to cause a denial of service (DoS) via a crafted JPEG file. The vulnerability stems from a lack of size checking for input data during buffer copying, which a remote attacker can exploit to cause a service disruption.
**Recommendations**
For ffjpeg versions through 2020-06-22, as a temporary workaround, consider disabling the `jfif_encode()` function until a patch is available. Restrict access to the `jfif.c` file to minimize the risk of exploitation. Avoid using the `jfif_encode()` function with untrusted JPEG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.