PT-2020-13541 · FFmpeg · Ffjpeg
Xiaoxiongwang
·
Published
2020-05-24
·
Updated
2023-08-17
·
CVE-2020-13439
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ffjpeg versions prior to 2020-02-24
Description
The issue is related to a heap-based buffer over-read in the
jfif decode function located in jfif.c. This indicates a problem with how the software handles certain data, potentially leading to memory access errors.Recommendations
For versions prior to 2020-02-24, consider updating to a version released after this date to resolve the issue. As a temporary workaround, restricting access to the
jfif decode function in jfif.c may help minimize the risk of exploitation.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ffjpeg