CVEdetails.com the ultimate security vulnerability data source

Ffjpeg Project » Ffjpeg » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:ffjpeg_project:ffjpeg:*:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-44957 | 120 | | DoS Overflow | 2022-02-08 | 2022-02-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue, in the jfif_encode function at ffjpeg/src/jfif.c (line 708), could cause a Denial of Service by using a crafted jpeg file. |
| 2 | CVE-2021-44956 | 787 | | DoS Overflow | 2022-02-08 | 2022-02-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. They are similar to CVE-2020-23852. The issues, in the jfif_decode function at ffjpeg/src/jfif.c (line 552), could cause a Denial of Service by using a crafted jpeg file. |
| 3 | CVE-2021-34122 | 476 | | | 2022-03-10 | 2022-03-15 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference. |
| 4 | CVE-2020-23852 | 787 | | DoS Overflow | 2021-05-18 | 2021-05-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A heap-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image. |
| 5 | CVE-2020-23851 | 787 | | DoS Overflow | 2021-05-18 | 2021-05-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image. |
| 6 | CVE-2020-23705 | 120 | | DoS Overflow | 2021-07-15 | 2021-07-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DoS) via a crafted jpeg file. |
| 7 | CVE-2020-15470 | 787 | | Overflow | 2020-07-01 | 2020-07-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. |
| 8 | CVE-2020-13440 | 787 | | | 2020-05-24 | 2020-05-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. |
| 9 | CVE-2020-13439 | 125 | | | 2020-05-24 | 2020-05-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. |
| 10 | CVE-2020-13438 | 125 | | | 2020-05-24 | 2020-05-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. |
| 11 | CVE-2019-19888 | 369 | | | 2019-12-18 | 2019-12-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. |
| 12 | CVE-2019-19887 | 476 | | | 2019-12-18 | 2019-12-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. |
| 13 | CVE-2019-16352 | 787 | | Overflow | 2019-09-16 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. |
| 14 | CVE-2019-16351 | 476 | | | 2019-09-16 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. |
| 15 | CVE-2019-16350 | 476 | | | 2019-09-16 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. |
| 16 | CVE-2018-16781 | 682 | | DoS | 2018-09-10 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. |
Total number of vulnerabilities: 16