FFmpeg.cbs_jpeg.c.cbs_jpeg_split_fragment.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in FFmpeg.
The vulnerability is due to missing length check when handling JPEG_MARKER_SOS by the function cbs_jpeg_split_fragment() in libavcodec/cbs_jpeg.c. A remote unauthenticated attacker could exploit this vulnerability by enticing a target user to open a malformed media file with an affected version of FFmpeg, or an application using an affected version of FFmpeg libraries. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Affected Products
FFmpeg Project Team FFmpeg 4.2.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://ffmpeg.org/security.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-04-01 | 18.050 | Default_action:pass:drop |
2020-09-07 | 16.918 | Sig Added |
2020-07-22 | 15.892 | Sig Added |
2020-07-14 | 15.885 |