vulnerability

FFmpeg: CVE-2020-12284: Out-of-bounds Write

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	2020-04-28	2020-05-06	2024-11-26

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

2020-04-28

Added

2020-05-06

Modified

2024-11-26

Description

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

Solution(s)

ffmpeg-upgrade-4_1_6ffmpeg-upgrade-4_2_3ffmpeg-upgrade-4_3

References

CVE-2020-12284
https://attackerkb.com/topics/CVE-2020-12284
URL-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today