Unrated severity · NVD Advisory · Published Jan 9, 2020 · Updated Aug 4, 2024

CVE-2020-6625

Description

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

Root cause

"Missing bounds check in Get32s allows reading past the end of a heap-allocated buffer when processing crafted Exif GPS data."

Attack vector

An attacker supplies a crafted JPEG file with malicious Exif GPS metadata. When jhead parses the file, the `ProcessGpsInfo` function reads beyond the allocated heap buffer via `Get32s`, causing a heap-buffer-over-read [ref_id=1]. The attacker needs no authentication; the only precondition is that the victim runs jhead on the malicious file.

Affected code

The heap-based buffer over-read occurs in `Get32s` at `exif.c:336` when called from `ProcessGpsInfo` at `gpsinfo.c:138`. The call chain is `ProcessGpsInfo` → `Get32s`, reached while `ProcessExifDir` processes a crafted JPEG file [ref_id=1].

What the fix does

The advisory does not include a patch. The bug report only documents the crash via AddressSanitizer output; no code fix is published in the referenced bug [ref_id=1]. Remediation would require adding bounds checking in `Get32s` or its callers to ensure reads stay within the allocated heap region.
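The kind of bounds check described above, as an added example: this is not jhead's code and not a patch from the project. The names `exif_buf`, `get32s_checked` and `read_entry_value` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of a heap-allocated Exif segment: base pointer plus length. */
typedef struct {
    const uint8_t *data;
    size_t len;
    int motorola_order;   /* nonzero = big-endian ("MM"), zero = little-endian ("II") */
} exif_buf;

/* Read a signed 32-bit value at `off`. Returns 0 on success, -1 if any of
 * the 4 bytes would fall outside the buffer. The comparison is written so
 * that `off + 4` is never computed and therefore cannot wrap around. */
int get32s_checked(const exif_buf *b, size_t off, int32_t *out)
{
    if (b == NULL || b->data == NULL || out == NULL) return -1;
    if (b->len < 4 || off > b->len - 4) return -1;

    const uint8_t *p = b->data + off;
    uint32_t v = b->motorola_order
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
    *out = (int32_t)v;
    return 0;
}

/* Caller-side use: an offset taken from untrusted metadata goes through
 * the checked reader, so a bad offset is rejected before any byte is read. */
int read_entry_value(const exif_buf *b, size_t untrusted_off, int32_t *out)
{
    if (get32s_checked(b, untrusted_off, out) != 0) {
        fprintf(stderr, "rejecting entry: offset %zu outside %zu-byte segment\n",
                untrusted_off, b->len);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 8 bytes, read as big-endian. */
    static const uint8_t sample[8] = {0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x2A};
    exif_buf b = { sample, sizeof sample, 1 };
    int32_t v = 0;
    if (read_entry_value(&b, 4, &v) == 0) printf("value = %d\n", (int)v);
    read_entry_value(&b, 6, &v);   /* rejected: bytes 6..9 exceed the 8-byte buffer */
    return 0;
}
```

Building a parser like this with `-fsanitize=address` and replaying the crashing input is how a reader would confirm that the rejected path is taken instead of the out-of-bounds read.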

Preconditions

  • input: Victim runs jhead on a crafted JPEG file supplied by the attacker.
  • auth: No authentication or special privileges required.

Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
