VYPR
Vendor: Matthias Wandel

Products: 2
CVEs: 15
Across products: 15
Status: Private

Recent CVEs (15)

  • CVE-2021-34055 | High | Nov 4, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.

  • CVE-2021-28278 | High | Mar 23, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.

  • CVE-2021-28277 | High | Mar 23, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c.

  • CVE-2021-28276 | High | Mar 23, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.

  • CVE-2024-2824 | Medium | Mar 22, 2024
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2021-28275 | Medium | Mar 23, 2022
    risk 0.36 | cvss 5.5 | epss 0.01

    A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a crafted file.

  • CVE-2024-0261 | Medium | Jan 7, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit…

  • CVE-2020-28840 | High | Aug 11, 2023
    risk 0.00 | cvss 7.8 | epss 0.00

    Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).

  • CVE-2022-28550 | Critical | Jun 13, 2023
    risk 0.00 | cvss 9.8 | epss 0.01

    Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer…

  • CVE-2022-41751 | High | Oct 17, 2022
    risk 0.00 | cvss 7.8 | epss 0.00

    Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

  • CVE-2020-26208 | Medium | Feb 2, 2022
    risk 0.00 | cvss 5.3 | epss 0.01

    JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to…

  • CVE-2008-4641 | Oct 21, 2008
    risk 0.00 | cvss | epss 0.02

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

  • CVE-2008-4640 | Oct 21, 2008
    risk 0.00 | cvss | epss 0.00

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by…

  • CVE-2008-4639 | Oct 21, 2008
    risk 0.00 | cvss | epss 0.00

    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2008-4575 | Oct 15, 2008
    risk 0.00 | cvss | epss 0.02

    Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."