SB2019121830 - Multiple vulnerabilities in ffjpeg library
Published: December 18, 2019 Updated: May 25, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-19887)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the jfif_encode() function. A remote attacker can perform a denial of service (DoS) attack via a specially crafted file.
2) Division by zero (CVE-ID: CVE-2019-19888)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a divide-by-zero error within the jfif_decode() function in jfif.c. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.
3) NULL pointer dereference (CVE-ID: CVE-2019-16350)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the idct2d8x8() function in dct.c. A remote attacker can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2019-16351)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the huffman_decode_step() function in huffman.c. A remote attacker can perform a denial of service (DoS) attack.
5) Heap-based buffer overflow (CVE-ID: CVE-2019-16352)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the jfif_load() function in jfif.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Input validation error (CVE-ID: CVE-2018-16781)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing JPEG files that lack an AC Huffman table. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
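A pre-parse check for the condition described in item 6 (a scan that selects a Huffman table no DHT segment defined), added here as an example; it is not ffjpeg's code or the vendor's fix. The function name and the constructed byte strings are assumptions, and the check assumes baseline sequential JPEG and inspects only the first scan header.

```c
#include <stddef.h>
#include <stdint.h>

/* Returns 1 only if the first SOS header selects DC and AC Huffman tables
 * that earlier DHT segments defined; 0 on malformed, truncated or
 * table-less input. Assumption: baseline sequential JPEG. */
int jpeg_scan_tables_defined(const uint8_t *p, size_t n)
{
    int dc[4] = {0}, ac[4] = {0};                 /* table ids seen, per class */
    size_t i = 2;
    if (n < 4 || p[0] != 0xFF || p[1] != 0xD8) return 0;        /* SOI */
    while (n - i >= 4) {
        if (p[i] != 0xFF) return 0;
        if (p[i + 1] == 0xFF) { i++; continue; }                /* fill byte */
        uint8_t m = p[i + 1];
        if (m < 0xC0 || (m >= 0xD0 && m <= 0xD9)) return 0;     /* not valid before SOS */
        size_t len = ((size_t)p[i + 2] << 8) | p[i + 3];        /* counts itself */
        if (len < 2 || len > n - i - 2) return 0;               /* runs past buffer */
        const uint8_t *s = p + i + 4;                           /* segment payload */
        size_t sl = len - 2;
        if (m == 0xC4) {                                        /* DHT: one or more tables */
            for (size_t k = 0; k < sl; ) {
                if (sl - k < 17) return 0;
                unsigned tc = s[k] >> 4, th = s[k] & 0x0F;      /* class, id */
                size_t cnt = 0;
                for (int j = 1; j <= 16; j++) cnt += s[k + j];  /* symbol count */
                if (tc > 1 || th > 3 || cnt == 0 || cnt > 256 || cnt > sl - k - 17) return 0;
                (tc ? ac : dc)[th] = 1;
                k += 17 + cnt;
            }
        } else if (m == 0xDA) {                                 /* SOS */
            size_t nc = sl ? s[0] : 0;
            if (nc < 1 || nc > 4 || sl != 4 + 2 * nc) return 0;
            for (size_t c = 0; c < nc; c++) {
                unsigned td = s[2 + 2 * c] >> 4, ta = s[2 + 2 * c] & 0x0F;
                if (td > 3 || ta > 3 || !dc[td] || !ac[ta]) return 0;
            }
            return 1;
        }
        i += 2 + len;
    }
    return 0;                                                   /* no scan header found */
}

/* Constructed marker skeletons for testing the check (not decodable images). */
#define DHT(tcth) 0xFF,0xC4,0x00,0x14,(tcth),1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x00
#define SOS 0xFF,0xDA,0x00,0x08,0x01,0x01,0x00,0x00,0x3F,0x00
const uint8_t sample_ok[]    = {0xFF,0xD8, DHT(0x00), DHT(0x10), SOS};
const uint8_t sample_no_ac[] = {0xFF,0xD8, DHT(0x00), SOS};
```

Running a check like this before handing untrusted files to a decoder rejects the table-less input class up front; it does not replace updating the library.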
Remediation
Install the update from the vendor's website.
References
- https://github.com/rockcarry/ffjpeg/issues/14
- https://github.com/rockcarry/ffjpeg/commit/5d07fff4a228b1309c9ffa2c35f0b9e332977018
- https://github.com/rockcarry/ffjpeg/issues/13
- https://github.com/rockcarry/ffjpeg/commit/d6158811dbb4e97dc1cc9820ed0e846468366658
- https://github.com/rockcarry/ffjpeg/issues/10
- https://github.com/rockcarry/ffjpeg/commit/b3039ae8022da67078c130bd19bc3008a037adb3
- https://github.com/rockcarry/ffjpeg/issues/11
- https://github.com/rockcarry/ffjpeg/issues/12
- https://github.com/rockcarry/ffjpeg/issues/6