[FFmpeg-user] FFmpeg Vulnerable to Denial-of-Service (DoS) via Heap-Based Buffer Overflow in 'cbs_jpeg.c' File

Moritz Barsnick barsnick at gmx.net
Fri May 15 12:00:16 EEST 2020


On Fri, May 15, 2020 at 08:28:03 +0000, FFmpeg user discussions wrote:
> Would like to understand, any plan to fix the
> https://nvd.nist.gov/vuln/detail/CVE-2020-12284 (FFmpeg Vulnerable to
> Denial-of-Service (DoS) via Heap-Based Buffer Overflow in
> 'cbs_jpeg.c' File)

This is a user and not a development list, but, that said:

A fix is already on the master branch[*], and will most likely be
backported to the coming release 4.2.3, together with many other fixes.

Cheers,
Moritz

[*] https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726#diff-3f792992b631e77d4a71869346eac832

