CVE-2020-12284

Published: 28 April 2020

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla)
Released (7:4.3-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (7:4.2.4-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist