rockcarry CVE Vulnerabilities & Metrics

Focus on rockcarry vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About rockcarry Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with rockcarry. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total rockcarry CVEs: 19
Earliest CVE date: 10 Sep 2018, 04:29 UTC
Latest CVE date: 11 Aug 2023, 14:15 UTC

Latest CVE reference: CVE-2020-24222

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical rockcarry CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 4.07

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 1
4.0-6.9 18
7.0-8.9 0
9.0-10.0 0

[Chart not reproduced: CVSS Distribution]

Top 5 Highest CVSS rockcarry CVEs

These are the five CVEs with the highest CVSS scores for rockcarry, sorted by severity first, then by recency.

All CVEs for rockcarry

CVE-2020-24222 rockcarry vulnerability CVSS: 0 11 Aug 2023, 14:15 UTC

A buffer overflow vulnerability in the jfif_decode() function in rockcarry ffjpeg through version 1.0.0 allows local attackers to execute arbitrary code due to an issue with ALIGN.

CVE-2022-28471 rockcarry vulnerability CVSS: 4.3 05 May 2022, 13:15 UTC

In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in a heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38.

CVE-2021-34122 rockcarry vulnerability CVSS: 4.3 10 Mar 2022, 17:42 UTC

The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.

CVE-2021-45385 rockcarry vulnerability CVSS: 4.3 11 Feb 2022, 16:15 UTC

A NULL pointer dereference vulnerability exists in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in the metadata of the bmp is out of range, it returns without assigning a memory buffer to `pb->pdata` and does not exit the program. The program therefore crashes when it tries to access pb->data in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438.

CVE-2021-44957 rockcarry vulnerability CVSS: 4.3 08 Feb 2022, 15:15 UTC

A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue, in the jfif_encode function at ffjpeg/src/jfif.c (line 708), could cause a Denial of Service via a crafted jpeg file.

CVE-2021-44956 rockcarry vulnerability CVSS: 4.3 08 Feb 2022, 15:15 UTC

Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. They are similar to CVE-2020-23852. The issues, in the jfif_decode function at ffjpeg/src/jfif.c (line 552), could cause a Denial of Service via a crafted jpeg file.

CVE-2020-23705 rockcarry vulnerability CVSS: 4.3 15 Jul 2021, 22:15 UTC

A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DoS) via a crafted jpeg file.

CVE-2020-23852 rockcarry vulnerability CVSS: 4.3 18 May 2021, 15:15 UTC

A heap-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.

CVE-2020-23851 rockcarry vulnerability CVSS: 4.3 18 May 2021, 15:15 UTC

A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.

CVE-2020-15470 rockcarry vulnerability CVSS: 4.3 01 Jul 2020, 11:15 UTC

ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.

CVE-2020-13440 rockcarry vulnerability CVSS: 4.3 24 May 2020, 23:15 UTC

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

CVE-2020-13439 rockcarry vulnerability CVSS: 4.3 24 May 2020, 23:15 UTC

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

CVE-2020-13438 rockcarry vulnerability CVSS: 4.3 24 May 2020, 23:15 UTC

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.

CVE-2019-19888 rockcarry vulnerability CVSS: 4.3 18 Dec 2019, 19:15 UTC

jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.

CVE-2019-19887 rockcarry vulnerability CVSS: 4.3 18 Dec 2019, 19:15 UTC

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.

CVE-2019-16352 rockcarry vulnerability CVSS: 4.3 16 Sep 2019, 13:15 UTC

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.

CVE-2019-16351 rockcarry vulnerability CVSS: 4.3 16 Sep 2019, 13:15 UTC

ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.

CVE-2019-16350 rockcarry vulnerability CVSS: 4.3 16 Sep 2019, 13:15 UTC

ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.

CVE-2018-16781 rockcarry vulnerability CVSS: 4.3 10 Sep 2018, 04:29 UTC

ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.