rpm package
opensuse/jhead&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/jhead&distro=openSUSE%20Tumbleweed
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34055 | — | | | < 3.06.0.1-3.1 | 3.06.0.1-3.1 | Nov 4, 2022 | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. |
| CVE-2022-41751 | — | | | < 3.06.0.1-2.1 | 3.06.0.1-2.1 | Oct 17, 2022 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. |
| CVE-2021-3496 | — | | | < 3.06.0.1-1.3 | 3.06.0.1-1.3 | Apr 22, 2021 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. |
| CVE-2018-17088 | — | | | < 3.06.0.1-1.3 | 3.06.0.1-1.3 | Sep 16, 2018 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data |
| CVE-2018-16554 | — | | | < 3.06.0.1-1.3 | 3.06.0.1-1.3 | Sep 16, 2018 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT h |
| CVE-2018-6612 | — | | | < 3.06.0.1-1.3 | 3.06.0.1-1.3 | Feb 4, 2018 | An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. |
| CVE-2016-3822 | High | 7.8 | | < 3.06.0.1-1.3 | 3.06.0.1-1.3 | Aug 5, 2016 | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, a |
| CVE-2008-4641 | — | | | < 3.00-1.8 | 3.00-1.8 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. |
| CVE-2008-4575 | — | | | < 3.00-1.8 | 3.00-1.8 | Oct 15, 2008 | Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." |