Skip to main content

Ffjpeg CVE-2019-19887

MEDIUM
NULL Pointer Dereference (CWE-476)
2019-12-18 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 18, 2019 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.

AnalysisAI

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Affected products include: Rockcarry Ffjpeg. Version information: through 2019.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Ffjpeg

View all
CVE-2022-35433 MEDIUM POC
6.5 Aug 16

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c. Rated me

CVE-2022-28471 MEDIUM POC
6.5 May 05

In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eve

CVE-2020-13440 MEDIUM POC
6.5 May 24

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. Rated medium severity (CVSS 6.5), this vulnerabilit

CVE-2020-13439 MEDIUM POC
6.5 May 24

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. Rated medium severity (CVSS 6.5),

CVE-2020-13438 MEDIUM POC
6.5 May 24

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. Rated medium severity (CVSS 6.5), this vulnerabi

CVE-2019-19888 MEDIUM POC
6.5 Dec 18

jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. Rated medium severity (CVSS 6.5), this vu

CVE-2019-16352 MEDIUM POC
6.5 Sep 16

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. Rated medium severity (CVSS 6.5), th

CVE-2019-16351 MEDIUM POC
6.5 Sep 16

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. Rated medium severity (CV

CVE-2019-16350 MEDIUM POC
6.5 Sep 16

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. Rated medium severity (CVSS 6.5), this

CVE-2018-16781 MEDIUM
6.5 Sep 10

ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressi

CVE-2020-15470 MEDIUM
5.5 Jul 01

ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. Rated medium severity (CVSS 5.5), t

Share

CVE-2019-19887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy