CVE-2020-6624
Description
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- jhead/jhead
- Range: <=3.04
- OSV coordinates (2 versions): pkg:rpm/opensuse/jhead&distro=openSUSE%20Leap%2015.2, pkg:rpm/suse/jhead&distro=SUSE%20Package%20Hub%2015%20SP2
- (no CPE) range: < 3.06.0.1-lp152.7.6.1
- (no CPE) range: < 3.06.0.1-bp152.4.6.1
Patches
Vulnerability mechanics
Root cause
"Missing bounds check in process_DQT allows reading beyond the allocated heap buffer when parsing a malformed JPEG quantization table."
Attack vector
An attacker supplies a crafted JPEG image (the PoC file `id_m075`) that contains a DQT marker section with an invalid or truncated payload. When `process_DQT` reads quantization table data from the heap buffer, it accesses one byte beyond the allocated 67-byte region, causing a heap-buffer-overflow read [ref_id=1]. No authentication or special privileges are required; the victim only needs to run `jhead` on the malicious file.
Affected code
The heap-buffer-overflow occurs in `process_DQT` at `jpgqguess.c:109` when processing a malformed JPEG quantization table (DQT) section. The crash is triggered via `ReadJpegSections` in `jpgfile.c:223` and `ReadJpegFile` at `jpgfile.c:379`, ultimately invoked from `ProcessFile` in `jhead.c:905`.
What the fix does
The advisory does not include a published patch. The recommended remediation is to add bounds checking in `process_DQT` to verify that the DQT segment length does not exceed the allocated buffer before reading quantization coefficients. Without such a check, any truncated or oversized DQT marker can trigger the out-of-bounds read.
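A defensive DQT parser of the kind the remediation above calls for, added here as an illustration rather than taken from jhead: `parse_dqt_segment` and `demo_case` are hypothetical names, and the 67-byte sample (one 8-bit table plus the two-byte length field) is constructed inline. The declared segment length is checked against the bytes actually held, and each table's size (1 header byte plus 64 coefficients of 1 or 2 bytes) is checked against the remaining segment before any coefficient is read.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical defensive parser for a JPEG DQT (0xFFDB) segment; not jhead's
   own code. `seg` points at the segment's two-byte length field and
   `available` is how many bytes of it are really present in memory.
   Returns the number of tables decoded (>= 1) or -1 on any malformation. */
int parse_dqt_segment(const unsigned char *seg, size_t available,
                      uint16_t tables[4][64])
{
    if (available < 2) return -1;
    /* The JPEG length field counts itself; the declared size must never
       exceed what the caller actually holds, or we would read past it. */
    size_t declared = ((size_t)seg[0] << 8) | seg[1];
    if (declared < 2 || declared > available) return -1;
    const unsigned char *data = seg + 2;
    size_t len = declared - 2, pos = 0;
    int count = 0;
    while (pos < len) {
        int precision = data[pos] >> 4;     /* 0: 8-bit entries, 1: 16-bit */
        int table_id = data[pos] & 0x0F;    /* destination table 0..3 */
        if (precision > 1 || table_id > 3) return -1;
        size_t entry = precision ? 2 : 1;
        size_t need = 1 + 64 * entry;       /* Pq/Tq byte + 64 coefficients */
        if (need > len - pos) return -1;    /* table would run past the segment */
        for (int i = 0; i < 64; i++) {
            const unsigned char *p = data + pos + 1 + (size_t)i * entry;
            tables[table_id][i] = precision ? (uint16_t)((p[0] << 8) | p[1]) : p[0];
        }
        pos += need;
        count++;
    }
    return count;
}

/* Constructed sample: a 67-byte DQT segment holding one 8-bit table, parsed
   with `available` bytes present and the given Pq/Tq header byte. */
int demo_case(size_t available, unsigned char pq_tq)
{
    unsigned char seg[67]; uint16_t t[4][64];
    seg[0] = 0; seg[1] = 67; seg[2] = pq_tq;
    for (int i = 0; i < 64; i++) seg[3 + i] = (unsigned char)(i + 1);
    return parse_dqt_segment(seg, available, t);
}
```

`demo_case(67, 0x00)` parses the intact sample, `demo_case(66, 0x00)` is the truncated-segment case (declared length exceeds the bytes held) and `demo_case(67, 0x10)` is a header byte claiming 16-bit entries that the segment is too short to contain; the latter two are rejected instead of being read past the buffer.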
Preconditions
- input: The victim must process a crafted JPEG file using jhead (versions 3.03 or 3.04).
- input: The JPEG file must contain a malformed DQT (quantization table) marker section that causes the read to exceed the allocated buffer.
Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- security.gentoo.org/glsa/202007-17 (mitre, vendor-advisory)
- bugs.gentoo.org/711220 (mitre)
- bugs.gentoo.org/876247 (mitre)
- bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 (mitre)
News mentions
No linked articles in our index yet.