CVE-2020-24222
Description
A buffer overflow vulnerability in the jfif_decode() function in rockcarry ffjpeg through version 1.0.0 allows local attackers to execute arbitrary code due to an issue with ALIGN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local buffer overflow in ffjpeg jfif_decode() due to improper alignment, allowing arbitrary code execution via crafted JPEG.
Vulnerability
A buffer overflow vulnerability exists in the jfif_decode() function of rockcarry ffjpeg through version 1.0.0. The issue is caused by an improper ALIGN operation in the function, leading to a segmentation fault when processing a crafted JPEG file. The crash occurs at jfif.c:545, in the call yuv_to_rgb(*ysrc, *usrc, *vsrc, bdst + 2, bdst + 1, bdst + 0), during JPEG decoding [1].
Exploitation
An attacker must have local access to the system and provide a specially crafted JPEG file to the ffjpeg tool using the command ffjpeg -d [file_name]. The fuzzer-generated crash sample triggers a segmentation fault (SIGSEGV) in the jfif_decode function, indicating that the overflow can be reliably triggered without requiring special privileges [1].
Impact
Successful exploitation of this buffer overflow can allow a local attacker to execute arbitrary code. The crash occurs in a context where memory is corrupted, potentially leading to code execution with the privileges of the user running ffjpeg [1].
Mitigation
As of the publication date, no patched version of ffjpeg has been released. Version 1.0.0 is confirmed affected, and the repository does not indicate an available fix. Users should avoid processing untrusted JPEG files with ffjpeg until a patch is issued, or consider using alternative JPEG decoding libraries. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0. No patches discovered yet.
References: 1