CVE-2021-45385
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438.
Se presenta una vulnerabilidad de desreferencia de puntero Null en ffjpeg versión d5cfd49 (06-12-2021) en la función bmp_load(). Cuando la información del tamaño en los metadatos del bmp está fuera de rango, devuelve sin asignar memoria intermedia a "pb-)pdata" y no sale del programa. Así que el programa es bloqueado cuando intenta acceder a pb-)data, en jfif_encode() en jfif.c:763. Esto es debido al parche incompleto para CVE-2020-13438
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-20 CVE Reserved
- 2022-02-11 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/rockcarry/ffjpeg/issues/47 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/rockcarry/ffjpeg/pull/48 | 2023-08-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockcarry Search vendor "Rockcarry" | Ffjpeg Search vendor "Rockcarry" for product "Ffjpeg" | 2021-12-06 Search vendor "Rockcarry" for product "Ffjpeg" and version "2021-12-06" | - |
Affected
| ||||||