Main Vulnerability Database Vulnerabilities #VU28236

Heap-based buffer overflow in ffjpeg - CVE-2019-16352

Published: May 25, 2020

Vulnerability identifier: #VU28236

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-16352

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ffjpeg

Software vendor:
rockcarry

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the jfif_load() at jfif.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://github.com/rockcarry/ffjpeg/issues/12
https://github.com/rockcarry/ffjpeg/commit/b3039ae8022da67078c130bd19bc3008a037adb3

Heap-based buffer overflow in ffjpeg - CVE-2019-16352

Description

Remediation

External links

Please verify you're human