cbsjpegsplitfragment in libavcodec/cbsjpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEGMARKERSOS handling because of a missing length check.
[
{
"id": "CVE-2020-12284-05b42b91",
"source": "https://github.com/ffmpeg/ffmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726",
"signature_version": "v1",
"digest": {
"length": 3246.0,
"function_hash": "295269910854795076654787475383993439121"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "cbs_jpeg_split_fragment",
"file": "libavcodec/cbs_jpeg.c"
}
},
{
"id": "CVE-2020-12284-4194c84e",
"source": "https://github.com/ffmpeg/ffmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726",
"signature_version": "v1",
"digest": {
"line_hashes": [
"95195660024913394212304132289173808057",
"312525091208015857353260134168748076611",
"298190530965200286121570828407286037464"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libavcodec/cbs_jpeg.c"
}
},
{
"id": "CVE-2020-12284-8f9639c6",
"source": "https://github.com/ffmpeg/ffmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99",
"signature_version": "v1",
"digest": {
"line_hashes": [
"95195660024913394212304132289173808057",
"312525091208015857353260134168748076611",
"298190530965200286121570828407286037464"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "libavcodec/cbs_jpeg.c"
}
},
{
"id": "CVE-2020-12284-e760d172",
"source": "https://github.com/ffmpeg/ffmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99",
"signature_version": "v1",
"digest": {
"length": 3284.0,
"function_hash": "95840289875798690280122319277904648598"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "cbs_jpeg_split_fragment",
"file": "libavcodec/cbs_jpeg.c"
}
}
]