Intrusion Prevention

FFmpeg.cbs_jpeg.c.cbs_jpeg_split_fragment.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in FFmpeg.
The vulnerability is due to missing length check when handling JPEG_MARKER_SOS by the function cbs_jpeg_split_fragment() in libavcodec/cbs_jpeg.c. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a malformed media file with an affected version of FFmpeg, or an application using an affected version of FFmpeg libraries. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Affected Products

FFmpeg Project Team FFmpeg 4.2.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://ffmpeg.org/security.html

CVE References

CVE-2020-12284