CVE-2020-23852

Name of the Vulnerable Software and Affected Versions ffjpeg versions through 2020-07-02

Description A heap-based buffer overflow issue exists in the jfif decode() function at ffjpeg/src/jfif.c (line 544 and line 545), which could cause a denial of service by submitting a malicious jpeg image. This issue is related to the jfif decode(void *ctxt, BMP *pb) function and may allow an attacker to cause a service disruption.

Recommendations For versions through 2020-07-02, consider disabling the jfif decode() function as a temporary workaround until a patch is available. Restrict access to the jfif.c module to minimize the risk of exploitation. Avoid using the jfif decode() function in the affected ffjpeg library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.