rockcarry / ffjpeg

a simple jpeg codec.
GNU General Public License v3.0

NULL Pointer Dereference vulnerability in jfif_decode in jfif.c:545 #33

Closed kinzhong closed 3 years ago

kinzhong commented 3 years ago

ffjpeg version 1.0.0 commit 51b5fa74254d23be4944e15879edffabbee8a853 contains a NULL pointer dereference via crafted input in function jfif_decode in jfif.c:545. The vulnerability affects library tool ffjpeg. This vulnerability can allow attackers to cause a crash, potentially enabling a denial of service attack.

To recreate: compile with ASAN enabled, then run `./ffjpeg -d poc`

Attachments: crash.log, poc.zip

This vulnerability has been fixed in commit 4ab404eb87fe039d6cfba121d2ba572fb060e623
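The report above gives the bug class (a NULL pointer dereference reached from crafted input inside the decoder) but not the code at jfif.c:545. The example below is an added illustration of that class, written for this page; it is not ffjpeg's code, does not claim to be the actual defect fixed in the referenced commit, and all names (`jfif_ctx_t`, `parse_markers`, `decode_unchecked`, `decode_checked`, `build_stream`, `run_case`) are hypothetical. It walks a minimal SOI/DQT/SOF0/EOI stream, records quantization tables by their Tq id, and then shows the unchecked decode that dereferences a table pointer the input never populated beside the checked form that rejects the stream instead. The sample streams are constructed inline and are unrelated to the issue's poc.zip.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMP 3

typedef struct {
    const uint8_t *qtab[4];     /* quant tables by Tq id; NULL when the input never defined one */
    int ncomp;
    int comp_tq[MAX_COMP];      /* Tq referenced by each SOF0 component */
} jfif_ctx_t;

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Minimal marker walk: SOI, DQT (FFDB), SOF0 (FFC0), EOI (FFD9).
 * Returns 0 when the stream is well-formed, -1 on a truncated or unsupported segment.
 * Note that it deliberately accepts an SOF0 whose Tq names a table that never arrived:
 * that is the state crafted input leaves behind for the decode step. */
static int parse_markers(jfif_ctx_t *ctx, const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    memset(ctx, 0, sizeof *ctx);
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;   /* SOI */
    while (pos + 2 <= len) {
        if (buf[pos] != 0xFF) return -1;
        unsigned marker = buf[pos + 1];
        if (marker == 0xD9) return 0;                               /* EOI */
        if (pos + 4 > len) return -1;
        unsigned seglen = rd16(buf + pos + 2);                      /* includes the 2 length bytes */
        if (seglen < 2 || pos + 2 + seglen > len) return -1;
        const uint8_t *seg = buf + pos + 4;
        size_t body = seglen - 2;
        if (marker == 0xDB) {                                       /* DQT: Pq/Tq byte + 64 entries */
            if (body != 65) return -1;
            unsigned tq = seg[0] & 0x0F;
            if (tq > 3) return -1;
            ctx->qtab[tq] = seg + 1;
        } else if (marker == 0xC0) {                                /* SOF0: P, Y, X, Nf, then 3 bytes per comp */
            if (body < 6) return -1;
            ctx->ncomp = seg[5];
            if (ctx->ncomp < 1 || ctx->ncomp > MAX_COMP || body != 6 + 3 * (size_t)ctx->ncomp) return -1;
            for (int c = 0; c < ctx->ncomp; c++)
                ctx->comp_tq[c] = seg[6 + 3 * c + 2] & 0x0F;        /* may name an undefined table */
        } else {
            return -1;                                              /* keep the illustration small */
        }
        pos += 2 + seglen;
    }
    return -1;                                                      /* ran off the end before EOI */
}

/* Bug-class illustration: trusts comp_tq and dereferences qtab[] with no NULL check.
 * On a stream whose SOF0 names a Tq that was never defined this reads through NULL. */
static int decode_unchecked(const jfif_ctx_t *ctx)
{
    int acc = 0;
    for (int c = 0; c < ctx->ncomp; c++) {
        const uint8_t *q = ctx->qtab[ctx->comp_tq[c]];
        acc += q[0];                                                /* NULL dereference on crafted input */
    }
    return acc;
}

/* Hardened form: validate every table reference before use and fail the decode instead. */
static int decode_checked(const jfif_ctx_t *ctx, int *out)
{
    int acc = 0;
    for (int c = 0; c < ctx->ncomp; c++) {
        int tq = ctx->comp_tq[c];
        if (tq < 0 || tq > 3 || ctx->qtab[tq] == NULL) return -1;  /* undefined table: reject, don't crash */
        acc += ctx->qtab[tq][0];
    }
    *out = acc;
    return 0;
}

/* Constructed sample streams (not from the issue's poc.zip): SOI, optional DQT(Tq=0), SOF0, EOI. */
static size_t build_stream(uint8_t *out, int with_dqt, int sof_tq)
{
    size_t n = 0;
    out[n++] = 0xFF; out[n++] = 0xD8;                                           /* SOI */
    if (with_dqt) {
        out[n++] = 0xFF; out[n++] = 0xDB; out[n++] = 0x00; out[n++] = 0x43;     /* DQT, len 67 */
        out[n++] = 0x00;                                                        /* Pq=0, Tq=0 */
        for (int i = 0; i < 64; i++) out[n++] = (uint8_t)(16 + i);
    }
    out[n++] = 0xFF; out[n++] = 0xC0; out[n++] = 0x00; out[n++] = 0x0B;         /* SOF0, len 11 */
    out[n++] = 8; out[n++] = 0; out[n++] = 8; out[n++] = 0; out[n++] = 8;       /* 8-bit, 8x8 */
    out[n++] = 1;                                                               /* one component */
    out[n++] = 1; out[n++] = 0x11; out[n++] = (uint8_t)sof_tq;                  /* Ci, HiVi, Tq */
    out[n++] = 0xFF; out[n++] = 0xD9;                                           /* EOI */
    return n;
}

/* Parses a constructed stream and runs the checked decode: 0 decoded, -1 rejected, -2 parse error. */
static int run_case(int with_dqt, int sof_tq, int *out)
{
    uint8_t buf[128];
    jfif_ctx_t ctx;
    size_t n = build_stream(buf, with_dqt, sof_tq);
    if (parse_markers(&ctx, buf, n) != 0) return -2;
    return decode_checked(&ctx, out);
}

int main(void)
{
    uint8_t buf[128];
    jfif_ctx_t ctx;
    int v = 0;
    parse_markers(&ctx, buf, build_stream(buf, 1, 0));
    printf("unchecked decode on well-formed stream: %d\n", decode_unchecked(&ctx));
    printf("checked, well-formed: %s\n", run_case(1, 0, &v) == 0 ? "decoded" : "rejected");
    printf("checked, SOF0 names undefined Tq=1: %s\n", run_case(1, 1, &v) == 0 ? "decoded" : "rejected");
    return 0;
}
```

Running `decode_unchecked` on the second stream (SOF0 referencing Tq=1 with only Tq=0 defined) is what an ASAN build reports as a SEGV on a NULL read; the checked variant turns the same input into a clean decode failure, which is the usual shape of a fix for this class regardless of which table or pointer the real decoder tripped on.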