VYPR

ffjpeg

by Ffjpeg

CVEs (9)

  • CVE-2022-35433MedAug 16, 2022
    risk 0.42cvss 6.5epss 0.01

    ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

  • CVE-2022-28471MedMay 5, 2022
    risk 0.42cvss 6.5epss 0.01

    In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38

  • CVE-2021-44956MedFeb 8, 2022
    risk 0.42cvss 6.5epss 0.01

    Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file.

  • CVE-2020-13440MedMay 24, 2020
    risk 0.42cvss 6.5epss 0.01

    ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

  • CVE-2020-13439MedMay 24, 2020
    risk 0.42cvss 6.5epss 0.01

    ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

  • CVE-2019-19888MedDec 18, 2019
    risk 0.42cvss 6.5epss 0.01

    jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.

  • CVE-2019-16352MedSep 16, 2019
    risk 0.42cvss 6.5epss 0.01

    ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.

  • CVE-2019-16351MedSep 16, 2019
    risk 0.42cvss 6.5epss 0.01

    ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.

  • CVE-2019-16350MedSep 16, 2019
    risk 0.42cvss 6.5epss 0.01

    ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.