CVE-2021-44956

Name of the Vulnerable Software and Affected Versions ffjpeg versions prior to 01.01.2021

Description The issue is related to a heap-based buffer overflow in the jfif decode function at ffjpeg/src/jfif.c, which could cause a Denial of Service by using a crafted jpeg file. This can be exploited by a remote attacker to cause a service disruption. The jfif decode() function is specifically vulnerable, potentially allowing an attacker to overflow a buffer in memory.

Recommendations For versions prior to 01.01.2021, as a temporary workaround, consider disabling the jfif decode() function until a patch is available. Restrict access to crafted jpeg files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.