CVE-2020-23705

Vulnerability

A global buffer overflow vulnerability exists in the jfif_encode function at jfif.c:701 of ffjpeg through 2020-06-22 [1]. The overflow occurs when reading data into a fixed-size global array STD_HUFTAB_LUMIN_AC (size 178 bytes) in huffman.c:388, but a read of 272 bytes is attempted, causing a read past the end of the buffer [1]. This can be triggered by processing a specially crafted JPEG file with the -e flag [1].

Exploitation

An attacker needs to supply a malicious JPEG file to the ffjpeg application. No authentication or special network position is required; the attack is local. The reproduction steps involve compiling ffjpeg with AddressSanitizer and executing ffjpeg -e $poc where $poc is the crafted file [1]. The overflow is a read operation, which leads to a crash.

Impact

Successful exploitation results in a denial of service (DoS) due to the global buffer overflow. The AddressSanitizer report confirms a global-buffer-overflow read error, causing the application to terminate abnormally [1]. There is no indication of code execution or information disclosure.

Mitigation

As of the reference, no fix has been provided by the developer [1]. The ffjpeg project appears unmaintained. Users should avoid processing untrusted JPEG files with ffjpeg or consider using maintained alternatives. No workaround is documented.