CVE-2020-12284: ffmpeg: heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check in libavcodec/cbs_jpeg.c

Severity: Critical

CVSS Score: 9.8

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.