CVE-2020-12284

high-risk
Published 2020-04-28

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

Do I need to act?

~
6.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Debian Canonical Ffmpeg

References (12)

Exploit https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
Patch https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
Patch https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99
Third Party Advisory https://security.gentoo.org/glsa/202007-58
Third Party Advisory https://usn.ubuntu.com/4431-1/
Third Party Advisory https://www.debian.org/security/2020/dsa-4722
Exploit https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
Patch https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
Patch https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99
Third Party Advisory https://security.gentoo.org/glsa/202007-58
Third Party Advisory https://usn.ubuntu.com/4431-1/
Third Party Advisory https://www.debian.org/security/2020/dsa-4722
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 9/34 · Low
Exposure 13/34 · Low