FFmpeg.cbs_jpeg.c.cbs_jpeg_split_fragment.Buffer.Overflow

description-logoDescription

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in FFmpeg.
The vulnerability is due to missing length check when handling JPEG_MARKER_SOS by the function cbs_jpeg_split_fragment() in libavcodec/cbs_jpeg.c. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a malformed media file with an affected version of FFmpeg, or an application using an affected version of FFmpeg libraries. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

affected-products-logoAffected Products

FFmpeg Project Team FFmpeg 4.2.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://ffmpeg.org/security.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-04-01 18.050 Default_action:pass:drop
2020-09-07 16.918 Sig Added
2020-07-22 15.892 Sig Added
2020-07-14 15.885