PublicDateAtUSN: 2020-04-28 06:15:00 UTC
Candidate: CVE-2020-12284
PublicDate: 2020-04-28 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12284
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
 https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
 https://ubuntu.com/security/notices/USN-4431-1
Description:
 cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2
 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of
 a missing length check.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_ffmpeg:
upstream_ffmpeg: needs-triage
precise/esm_ffmpeg: DNE
trusty_ffmpeg: ignored (out of standard support)
trusty/esm_ffmpeg: DNE
xenial_ffmpeg: not-affected (code not present)
bionic_ffmpeg: not-affected (code not present)
eoan_ffmpeg: ignored (reached end-of-life)
focal_ffmpeg: released (7:4.2.4-1ubuntu0.1)
devel_ffmpeg: released (7:4.3-3ubuntu1)