Unrated severity · NVD Advisory · Published May 18, 2021 · Updated Aug 4, 2024

CVE-2020-23851

Description

A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in ffjpeg through 2020-07-02 in jfif_decode() at src/jfif.c:513 allows DoS via a crafted JPEG image.

Vulnerability

A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28 [1]. The issue occurs when accessing the yuv_datbuf pointer array without a bounds check, where computed indices based on mcui, mcuw, etc. can exceed the array's allocated size, leading to an out-of-bounds read or write on the stack. Affected versions include all commits up to the 2020-07-02 snapshot [1].
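The kind of check whose absence is described above, as an added example (not ffjpeg's code and not a verified fix for this CVE): a JPEG SOF0 frame-header parser that rejects any component count or sampling factor that could push an index past a fixed per-component stack array. `MAX_COMPONENTS`, `frame_info`, `parse_sof0_checked` and the sample payloads are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COMPONENTS 3  /* assumption: one plane pointer each for Y, U, V */

typedef struct {          /* hypothetical type for this example */
    int width, height, ncomp;
    int h[MAX_COMPONENTS], v[MAX_COMPONENTS];
    int mcu_cols, mcu_rows;
} frame_info;

/* Constructed SOF0 payloads (bytes after the 2-byte segment length). */
const uint8_t SOF_OK[]     = {8, 0,16, 0,32, 3, 1,0x22,0, 2,0x11,1, 3,0x11,1};
const uint8_t SOF_4COMP[]  = {8, 0,16, 0,32, 4, 1,0x22,0, 2,0x11,1, 3,0x11,1, 4,0x11,1};
const uint8_t SOF_ZERO_H[] = {8, 0,16, 0,32, 1, 1,0x02,0};

/* Returns 0 and fills *out on success; returns -1 if a header field is
 * truncated or out of range (*out is then not meaningful). */
int parse_sof0_checked(const uint8_t *p, size_t len, frame_info *out)
{
    if (len < 6) return -1;                          /* truncated fixed header */
    int height = (p[1] << 8) | p[2];
    int width  = (p[3] << 8) | p[4];
    int ncomp  = p[5];
    if (width == 0 || height == 0) return -1;
    if (ncomp < 1 || ncomp > MAX_COMPONENTS) return -1;  /* bounds h[], v[], plane arrays */
    if (len < 6 + (size_t)ncomp * 3) return -1;      /* truncated component table */

    int hmax = 0, vmax = 0;
    for (int c = 0; c < ncomp; c++) {
        int h = p[6 + c * 3 + 1] >> 4;               /* horizontal sampling factor */
        int v = p[6 + c * 3 + 1] & 0x0f;             /* vertical sampling factor */
        if (h < 1 || h > 4 || v < 1 || v > 4) return -1; /* JPEG permits 1..4 only */
        out->h[c] = h; out->v[c] = v;
        if (h > hmax) hmax = h;
        if (v > vmax) vmax = v;
    }
    out->width = width; out->height = height; out->ncomp = ncomp;
    out->mcu_cols = (width  + 8 * hmax - 1) / (8 * hmax);  /* MCU grid from checked values */
    out->mcu_rows = (height + 8 * vmax - 1) / (8 * vmax);
    return 0;
}

int main(void)
{
    frame_info fi;
    printf("valid: %d\n", parse_sof0_checked(SOF_OK, sizeof SOF_OK, &fi));
    printf("4 components: %d\n", parse_sof0_checked(SOF_4COMP, sizeof SOF_4COMP, &fi));
    printf("zero factor: %d\n", parse_sof0_checked(SOF_ZERO_H, sizeof SOF_ZERO_H, &fi));
    return 0;
}
```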

Exploitation

An attacker with the ability to supply a crafted JPEG image to the ffjpeg library can trigger the buffer overflow. No authentication or special privileges are required; the attack is file-based and requires only that the victim or an automated process loads the malicious JPEG via the vulnerable jfif_decode function. AddressSanitizer traces show the overflow at a memory access in jfif.c:513 [1].

Impact

Successful exploitation can cause a denial of service (DoS) by corrupting stack memory, which may lead to an application crash [1]. The overflow is limited to stack memory; remote code execution is not confirmed in the available references, but stack corruption could theoretically be leveraged depending on compiler and environment protections.

Mitigation

As of the published reference (2020-07-02 snapshot) and the CVE disclosure date (2021-05-18), no patched version has been released [1]. The project appears dormant, and no formal fix or workaround is documented. Users should avoid processing untrusted JPEG images with the vulnerable ffjpeg library until a patch is made available, or consider alternative JPEG decoders.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1