CVE-2020-23706

Name of the Vulnerable Software and Affected Versions ok-file-formats through 2020-06-26

Description A heap-based buffer overflow issue in the ok jpg decode block subsequent scan() function allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. The issue is related to the ok jpg.c file at line 1102.

Recommendations For ok-file-formats through 2020-06-26, consider disabling the ok jpg decode block subsequent scan() function as a temporary workaround to prevent Denial of Service attacks until a patch is available. Restrict access to handling crafted jpeg files to minimize the risk of exploitation.