CVE-2020-23852
Description
A heap-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious JPEG image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap buffer overflow in ffjpeg's jfif_decode function allows denial of service via crafted JPEG image.
Vulnerability
A heap-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c lines 544 and 545 [1]. The overflow occurs when indexing into the yuv_datbuf array without proper bounds checking, leading to out-of-bounds reads [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted JPEG image to the ffjpeg library [1]. No authentication or special network position is required; the attack can be executed remotely if the application processes user-supplied images [1].
Impact
Successful exploitation causes a denial of service (DoS) via application crash due to a heap-buffer-overflow read [1]. The crash results from accessing memory beyond the allocated buffer, as detected by AddressSanitizer [1].
Mitigation
As of the publication date, no official fix has been released for ffjpeg [1]. Users are advised to avoid processing untrusted JPEG images with ffjpeg or apply input validation if possible [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ffjpeg/ffjpeg
Patches
No patches discovered yet.
References
- [1] github.com/rockcarry/ffjpeg/issues/28 (mitre, x_refsource_MISC)