jhead

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2018-17088	Jhead jhead	Hig	0.51	7.8	0.02	Sep 16, 2018	The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data…
CVE-2018-16554	Jhead jhead	Hig	0.51	7.8	0.02	Sep 16, 2018	The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT…
CVE-2016-3822	Jhead jhead	Hig	0.51	7.8	0.01	Aug 5, 2016	exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,…
CVE-2018-6612	Jhead jhead	Med	0.36	5.5	0.01	Feb 4, 2018	An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
CVE-2008-4575	Jhead jhead		0.00	—	0.02	Oct 15, 2008	Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."

CVE-2018-17088HigSep 16, 2018
Jhead
jhead
risk 0.51cvss 7.8epss 0.02
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data…
CVE-2018-16554HigSep 16, 2018
Jhead
jhead
risk 0.51cvss 7.8epss 0.02
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT…
CVE-2016-3822HigAug 5, 2016
Jhead
jhead
risk 0.51cvss 7.8epss 0.01
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,…
CVE-2018-6612MedFeb 4, 2018
Jhead
jhead
risk 0.36cvss 5.5epss 0.01
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
CVE-2008-4575Oct 15, 2008
Jhead
jhead
risk 0.00cvss —epss 0.02
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."