Integer Overflow or Wraparound in rockcarry/ffjpeg

Valid

Reported on

May 14th 2021


✍️ Description

An exploitable heap overflow vulnerability exists in function bmp_load() in bmp.c.

🕵️‍♂️ Proof of Concept

make
./ffjpeg -e poc

💥 Impact

This vulnerability is capable of code execution.
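The bug class named in the title, shown as an added illustration that is neither ffjpeg's code nor the merged fix: a BMP pixel-buffer size computed from header fields in 32-bit arithmetic wraps to a small value, while a checked version rejects the dimensions first. The function names, the 24-bit pixel format and the `MAX_DIM` limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy limit for this example, not a value taken from ffjpeg. */
#define MAX_DIM 32768

/* Unchecked pattern: 32-bit arithmetic on header fields silently wraps. */
static uint32_t bmp_size_unchecked(uint32_t width, uint32_t height)
{
    uint32_t stride = (width * 3u + 3u) & ~3u; /* 24 bpp row, padded to 4 bytes */
    return stride * height;
}

/* Checked pattern: validate the dimensions, then compute in 64 bits.
 * Returns 0 and stores the byte count in *out, or -1 to reject the file. */
static int bmp_size_checked(int32_t width, int32_t height, size_t *out)
{
    /* A negative height is legal in BMP (top-down rows); use its magnitude. */
    int64_t h = height < 0 ? -(int64_t)height : (int64_t)height;

    if (width <= 0 || h == 0 || width > MAX_DIM || h > MAX_DIM)
        return -1;

    uint64_t stride = ((uint64_t)width * 3u + 3u) & ~(uint64_t)3;
    /* With both dimensions capped, stride * h is at most 3 GiB: no wrap. */
    *out = (size_t)(stride * (uint64_t)h);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values, not taken from the report's poc file. */
    printf("unchecked 65536x65536 -> %u bytes\n",
           (unsigned)bmp_size_unchecked(65536u, 65536u));
    printf("checked   65536x65536 -> %d\n",
           bmp_size_checked(65536, 65536, &n));
    if (bmp_size_checked(640, 480, &n) == 0)
        printf("checked   640x480     -> %zu bytes\n", n);
    return 0;
}
```

A loader that allocates the unchecked size and then copies `height` rows of `stride` bytes writes past the end of the heap buffer, which is why the size check belongs before the allocation.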

Jamie Slome validated this vulnerability 6 months ago
chibanoyume has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on 0fa4cf 6 months ago
The fix bounty has been dropped
Jamie Slome
6 months ago

Admin


Great job!