rpm package
suse/jhead&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/jhead&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3496 | — | | | < 3.00-bp152.4.3.1 | 3.00-bp152.4.3.1 | Apr 22, 2021 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. |
| CVE-2020-6625 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Jan 9, 2020 | jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. |
| CVE-2020-6624 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Jan 9, 2020 | jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. |
| CVE-2019-1010301 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Jul 15, 2019 | jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. |
| CVE-2019-1010302 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Jul 15, 2019 | jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. |
| CVE-2018-17088 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Sep 16, 2018 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data |
| CVE-2018-16554 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Sep 16, 2018 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT h |
| CVE-2018-6612 | — | | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Feb 4, 2018 | An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. |
| CVE-2016-3822 | High | 7.8 | | < 3.06.0.1-bp152.4.6.1 | 3.06.0.1-bp152.4.6.1 | Aug 5, 2016 | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, a |