CVE-2020-23851

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2020-07-02

Description: A stack-based buffer overflow issue exists in the jfif decode(void *ctxt, BMP *pb) function, which could cause a denial of service by submitting a malicious jpeg image. The issue is related to the jfif decode function at ffjpeg/src/jfif.c:513:28.

Recommendations: For ffjpeg versions prior to 2020-07-02, as a temporary workaround, consider disabling the jfif decode function until a patch is available. Restrict access to handling jpeg images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.