PT-2022-6564 · Ffjpeg · Ffjpeg

Cem Onat Karagun · Published 2022-02-08 · Updated 2023-08-17 · CVE-2021-44957

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 01.01.2021

Description: The issue is a global buffer overflow that can be triggered with a crafted JPEG file and could cause a Denial of Service. It is similar to a previously known issue. The problem lies in the jfif_encode function at ffjpeg/src/jfif.c (line 708), which copies a buffer without checking the size of the input data. This could allow a remote attacker to cause a service disruption.

Recommendations: For versions prior to 01.01.2021, as a temporary workaround, consider disabling the jfif_encode function until a patch is available. Restrict access to the jfif.c module to minimize the risk of exploitation. Avoid using the jfif_encode function in the affected ffjpeg library until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02426
CVE-2021-44957

Affected Products

Ffjpeg