Jhead
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34055 | Hig | 0.51 | 7.8 | 0.00 | Nov 4, 2022 | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. | ||
| CVE-2021-28278 | Hig | 0.51 | 7.8 | 0.01 | Mar 23, 2022 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. | ||
| CVE-2021-28277 | Hig | 0.51 | 7.8 | 0.01 | Mar 23, 2022 | A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. | ||
| CVE-2021-28276 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2022 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | ||
| CVE-2024-2824 | Med | 0.41 | 6.3 | 0.01 | Mar 22, 2024 | A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to… | ||
| CVE-2021-28275 | Med | 0.36 | 5.5 | 0.01 | Mar 23, 2022 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. | ||
| CVE-2020-28840 | Hig | 0.00 | 7.8 | 0.00 | Aug 11, 2023 | Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | ||
| CVE-2022-28550 | Cri | 0.00 | 9.8 | 0.01 | Jun 13, 2023 | Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer… | ||
| CVE-2022-41751 | Hig | 0.00 | 7.8 | 0.00 | Oct 17, 2022 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. | ||
| CVE-2020-26208 | Med | 0.00 | 5.3 | 0.01 | Feb 2, 2022 | JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to… | ||
| CVE-2008-4641 | 0.00 | — | 0.02 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||
| CVE-2008-4640 | 0.00 | — | 0.00 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by… | |||
| CVE-2008-4639 | 0.00 | — | 0.00 | Oct 21, 2008 | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2008-4575 | 0.00 | — | 0.02 | Oct 15, 2008 | Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." |
- risk 0.51cvss 7.8epss 0.00
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
- risk 0.51cvss 7.8epss 0.01
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
- risk 0.51cvss 7.8epss 0.01
A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.
- risk 0.49cvss 7.5epss 0.01
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to…
- risk 0.36cvss 5.5epss 0.01
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.
- risk 0.00cvss 7.8epss 0.00
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
- risk 0.00cvss 9.8epss 0.01
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer…
- risk 0.00cvss 7.8epss 0.00
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
- risk 0.00cvss 5.3epss 0.01
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to…
- CVE-2008-4641Oct 21, 2008risk 0.00cvss —epss 0.02
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
- CVE-2008-4640Oct 21, 2008risk 0.00cvss —epss 0.00
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by…
- CVE-2008-4639Oct 21, 2008risk 0.00cvss —epss 0.00
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2008-4575Oct 15, 2008risk 0.00cvss —epss 0.02
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."