Ffjpeg
CVE-2019-16350
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.
AnalysisAI
ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Affected products include: Rockcarry Ffjpeg. Version information: before 2019.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c. Rated me
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eve
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. Rated medium severity (CVSS 6.5), this vulnerabilit
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. Rated medium severity (CVSS 6.5),
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. Rated medium severity (CVSS 6.5), this vulnerabi
jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. Rated medium severity (CVSS 6.5), this vu
bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Rated medium
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. Rated medium severity (CVSS 6.5), th
ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. Rated medium severity (CV
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressi
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. Rated medium severity (CVSS 5.5), t
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today