CVE-2019-19888
Description
jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A divide-by-zero error in ffjpeg's jfif_decode function can cause a denial of service via a crafted JPEG file.
Vulnerability
In ffjpeg through 2019-08-21, the jfif_decode function in jfif.c contains a divide-by-zero error at line 425. When processing a crafted JPEG file, the variable mcuw can become zero, leading to a division by zero in the expression jw / mcuw. This occurs because mcuw is computed as sfh_max * 8, and sfh_max can be zero if the JPEG's sampling factors are manipulated [1].
Exploitation
An attacker with the ability to supply a specially crafted JPEG file to an application using ffjpeg can trigger the vulnerability. No authentication or special network position is required; user interaction may involve opening the file. The attacker does not need write access or any race condition. Simply providing a malicious JPEG with specific sampling factors that result in sfh_max or sfv_max being zero causes the division by zero [1].
Impact
Successful exploitation results in a denial of service (DoS) condition, typically crashing the application that uses the ffjpeg library. The impact is limited to availability; no data confidentiality or integrity is compromised. The crash occurs during the decoding process, and the attacker gains no elevated privileges [1].
Mitigation
As of the publication date (2019-12-18) and based on the available reference [1], no fix has been released for this vulnerability. Users should avoid processing untrusted JPEG files with ffjpeg until a patch is available. The project appears dormant, so upgrading to a fixed version is not possible at this time.
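An added example, not ffjpeg's code or a project patch: a frame-header check that a caller or a local patch could run before the `sfh_max * 8` divisor described under Vulnerability is computed. Function and type names are hypothetical, and it assumes a baseline SOF0 payload with at most four components.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; type and function names are hypothetical, not ffjpeg's. */
typedef struct { int mcuw, mcuh, mcu_cols, mcu_rows; } mcu_grid;

/* sof: SOF0 payload after the 2-byte segment length:
 * P(1) Y(2) X(2) Nf(1), then Nf entries of {id(1), H<<4|V (1), Tq(1)}.
 * Returns 0 and fills *out, or -1 if the header must be rejected. */
int mcu_grid_from_sof0(const uint8_t *sof, size_t len, mcu_grid *out)
{
    if (!sof || !out || len < 6) return -1;
    int height = (sof[1] << 8) | sof[2];
    int width  = (sof[3] << 8) | sof[4];
    int ncomp  = sof[5];
    /* Assumption: baseline-style limits (no DNL-defined height, <= 4 components). */
    if (width == 0 || height == 0 || ncomp < 1 || ncomp > 4) return -1;
    if (len < 6 + (size_t)ncomp * 3) return -1;

    int sfh_max = 0, sfv_max = 0;
    for (int i = 0; i < ncomp; i++) {
        int hv = sof[6 + i * 3 + 1];
        int h = hv >> 4, v = hv & 0x0f;
        /* T.81 allows 1..4 only; a 0 here is what leaves sfh_max/sfv_max at 0. */
        if (h < 1 || h > 4 || v < 1 || v > 4) return -1;
        if (h > sfh_max) sfh_max = h;
        if (v > sfv_max) sfv_max = v;
    }
    out->mcuw = sfh_max * 8;   /* >= 8 by construction, safe as a divisor */
    out->mcuh = sfv_max * 8;
    out->mcu_cols = (width  + out->mcuw - 1) / out->mcuw;
    out->mcu_rows = (height + out->mcuh - 1) / out->mcuh;
    return 0;
}

int main(void)
{
    /* Constructed sample: 8-bit, 33 rows x 17 cols, Y 2x2, Cb 1x1, Cr 1x1. */
    const uint8_t sof[] = {8, 0,33, 0,17, 3, 1,0x22,0, 2,0x11,1, 3,0x11,1};
    mcu_grid g;
    if (mcu_grid_from_sof0(sof, sizeof sof, &g) != 0) return 1;
    printf("MCU %dx%d, grid %dx%d\n", g.mcuw, g.mcuh, g.mcu_cols, g.mcu_rows);
    return 0;
}
```

Rejecting the header at this point turns the crash into an ordinary decode error that the calling application can handle.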
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ffjpeg/ffjpeg (description)
Patches
No patches discovered yet.
References
[1] github.com/rockcarry/ffjpeg/issues/13 (mitre, x_refsource_MISC)