CVE-2021-45385 : What You Need to Know
Learn about CVE-2021-45385, a Null Pointer Dereference vulnerability in ffjpeg d5cfd49, causing a program crash when accessing pb->data in jfif.c. Find mitigation steps and affected systems here.
This CVE-2021-45385 article provides details about a Null Pointer Dereference vulnerability found in ffjpeg d5cfd49 affecting bmp_load() function.
Understanding CVE-2021-45385
What is CVE-2021-45385?
A Null Pointer Dereference vulnerability in ffjpeg d5cfd49 leads to a program crash due to incomplete patching for a previous CVE.
The Impact of CVE-2021-45385
The vulnerability allows attackers to cause a denial of service (DoS) by crashing the program when trying to access pb->data.
Technical Details of CVE-2021-45385
Vulnerability Description
The issue occurs when metadata size of bmp is out of range, causing a crash in jfif_encode() at jfif.c:763.
Affected Systems and Versions
- Product: Not applicable
- Vendor: Not applicable
- Version: Not applicable
Exploitation Mechanism
The vulnerability stems from the failure to assign memory buffer to
pb->pdataMitigation and Prevention
Immediate Steps to Take
- Monitor official sources for a patch or workaround.
- Avoid opening untrusted bmp files.
Long-Term Security Practices
- Regularly update software and dependencies.
- Implement secure coding practices.
Patching and Updates
Maintain awareness of updates from the ffjpeg project for a comprehensive fix.