CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28471
https://notcve.org/view.php?id=CVE-2022-28471
05 May 2022 — In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 En ffjpeg (commit hash: caade60), la función bmp_load() en el archivo bmp.c contiene una vulnerabilidad de desbordamiento de enteros, que resulta eventualmente en un desbordamiento de pila en jfif_encode() en jfif.c. Esto es debido a un parche incompleto para el problema 38 • https://github.com/rockcarry/ffjpeg/issues/49 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45385
https://notcve.org/view.php?id=CVE-2021-45385
11 Feb 2022 — A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. Se presenta una vulnerabilidad de desreferencia de puntero Null en ffjpeg versión d5cfd49 (06-12-2021) en la función bm... • https://github.com/rockcarry/ffjpeg/issues/47 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44956
https://notcve.org/view.php?id=CVE-2021-44956
08 Feb 2022 — Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. Se presentan dos vulnerabilidades de desbordamiento de búfer en la región Heap de la memoria en ffjpeg versiones hasta 01.01.2021. Es similar a CVE-2020-23852. • https://github.com/rockcarry/ffjpeg/issues/43 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44957
https://notcve.org/view.php?id=CVE-2021-44957
08 Feb 2022 — Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file. Se presenta una vulnerabilidad de desbordamiento de búfer global en ffjpeg versiones hasta 01.01.2021. Es similar a CVE-2020-23705. • https://github.com/rockcarry/ffjpeg/issues/44 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •