CVE-2021-45385

Name of the Vulnerable Software and Affected Versions ffjpeg version d5cfd49 (2021-12-06)

Description A Null Pointer Dereference issue exists due to incomplete patching. When size information in the metadata of a bmp file is out of range, the program fails to assign a memory buffer to pb->pdata but continues execution, leading to a crash when trying to access pb->data in jfif encode() at jfif.c:763.

Recommendations For ffjpeg version d5cfd49 (2021-12-06), as a temporary workaround, consider adding a check to ensure pb->pdata is assigned a valid memory buffer before accessing pb->data to prevent the program from crashing. At the moment, there is no information about a newer version that contains a fix for this issue.