CVE-2020-12284

Опубликовано: 28 апр. 2020

Источник: debian

EPSS Низкий

Описание

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ffmpeg	fixed	7:4.2.3-1		package
ffmpeg	not-affected		stretch	package

Примечания

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726

EPSS

Процентиль: 91%

0.06437

Низкий

Связанные уязвимости

CVE-2020-12284

CVSS3: 9.8

ubuntu

почти 6 лет назад

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

CVE-2020-12284

CVSS3: 9.8

redhat

почти 6 лет назад

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

CVE-2020-12284

CVSS3: 9.8

nvd

почти 6 лет назад

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

GHSA-qvcx-wpfr-c8wc

CVSS3: 9.8

github

больше 3 лет назад

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

BDU:2020-02828

CVSS3: 9.8

fstec

около 6 лет назад

Уязвимость функции cbs_jpeg_split_fragment мультимедийной библиотеки Ffmpeg, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 91%

0.06437

Низкий