CVE-2019-16351
Description
ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in ffjpeg's huffman_decode_step() function allows attackers to cause a denial of service via a crafted JPEG file.
Vulnerability
In ffjpeg versions before 2019-08-18, a NULL pointer dereference vulnerability exists in the huffman_decode_step() function in huffman.c at line 371 [1]. The vulnerability occurs when the function is called with a zero pointer (phc), leading to a read access violation. This affects the master branch at commit 627c8a9 [1].
Exploitation
An attacker can trigger the vulnerability by providing a specially crafted JPEG file and executing ./ffjpeg -d $POC [1]. The attacker does not need authentication or special privileges; only the ability to supply a malicious file as input to the ffjpeg decoder. No user interaction beyond running the application is required.
Impact
Successful exploitation results in a segmentation fault, causing the application to crash. This is a denial-of-service (DoS) condition. No other impact (such as code execution or data corruption) is reported in the available reference [1].
Mitigation
No fix information is available in the provided reference [1]. Users should update to a version after 2019-08-18 if a fix has been released. Further details may be available from the project's repository.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- ffjpeg/ffjpegdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/rockcarry/ffjpeg/issues/11mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.