CVE-2021-44957
Description
Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ffjpeg through 01.01.2021 has a global buffer overflow in jfif_encode that can be triggered via a crafted JPEG file, leading to denial of service.
Vulnerability
A global buffer overflow vulnerability exists in ffjpeg through commit 01.01.2021 in the jfif_encode function at src/jfif.c:708. The bug is similar to CVE-2020-23705 and occurs during JPEG encoding when processing a crafted input file [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted JPEG file to the ffjpeg encoder. No authentication or special privileges are required; the attack vector is local file input. The issue was reproduced using AddressSanitizer, which detected a global-buffer-overflow read of size 272 during memcpy [1].
Impact
Successful exploitation causes a denial of service (DoS) via application crash. The AddressSanitizer output confirms a global-buffer-overflow that terminates the process [1]. There is no indication of code execution or information disclosure.
Mitigation
As of the latest available reference, no patched version has been released. Users should avoid processing untrusted JPEG files with ffjpeg until a fix is provided. The affected version is any ffjpeg up to commit 01.01.2021 [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- ffjpeg/ffjpegdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/rockcarry/ffjpeg/issues/44mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.