Matthias Wandel
Products: 2
- 14 CVEs
- 1 CVE
Recent CVEs: 15

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34055 | | Hig | 0.51 | 7.8 | 0.00 | | Nov 4, 2022 | jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. |
| CVE-2021-28278 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 23, 2022 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. |
| CVE-2021-28277 | | Hig | 0.51 | 7.8 | 0.01 | | Mar 23, 2022 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. |
| CVE-2021-28276 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 23, 2022 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. |
| CVE-2024-2824 | | Med | 0.41 | 6.3 | 0.01 | | Mar 22, 2024 | A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to… |
| CVE-2021-28275 | | Med | 0.36 | 5.5 | 0.01 | | Mar 23, 2022 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. |
| CVE-2024-0261 | | Med | 0.35 | 5.3 | 0.01 | | Jan 7, 2024 | A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit… |
| CVE-2020-28840 | | Hig | 0.00 | 7.8 | 0.00 | | Aug 11, 2023 | Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). |
| CVE-2022-28550 | | Cri | 0.00 | 9.8 | 0.01 | | Jun 13, 2023 | Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer… |
| CVE-2022-41751 | | Hig | 0.00 | 7.8 | 0.00 | | Oct 17, 2022 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. |
| CVE-2020-26208 | | Med | 0.00 | 5.3 | 0.01 | | Feb 2, 2022 | JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to… |
| CVE-2008-4641 | | | 0.00 | — | 0.02 | | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. |
| CVE-2008-4640 | | | 0.00 | — | 0.00 | | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by… |
| CVE-2008-4639 | | | 0.00 | — | 0.00 | | Oct 21, 2008 | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2008-4575 | | | 0.00 | — | 0.02 | | Oct 15, 2008 | Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." |