Integer Overflow or Wraparound in rockcarry/ffjpeg


Reported on

May 14th 2021

✍️ Description

An exploitable heap overflow vulnerability exists in function bmp_load() in bmp.c.

🕵️‍♂️ Proof of Concept

./ffjpeg -e poc

💥 Impact

This vulnerability is capable of Code execution

Jamie Slome validated this vulnerability 2 years ago
chibanoyume has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed with commit 0fa4cf 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Jamie Slome
2 years ago


Great job!

to join this conversation