CVE-2020-12284

Name
CVE-2020-12284
Description
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
Patch https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
DEBIAN https://www.debian.org/security/2020/dsa-4722
UBUNTU https://usn.ubuntu.com/4431-1/
GENTOO https://security.gentoo.org/glsa/202007-58
MISC https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ffmpeg:ffmpeg:4.2.2:*:*:*:*:*:*:* ffmpeg == None == 4.2.2
cpe:2.3:a:ffmpeg:ffmpeg:4.1:*:*:*:*:*:*:* ffmpeg == None == 4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status