CVE-2022-41751

Опубликовано: 17 окт. 2022

Источник: debian

EPSS Низкий

Описание

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

Пакет	Статус	Версия исправления	Релиз	Тип
jhead	fixed	1:3.06.0.1-3		package

https://github.com/Matthias-Wandel/jhead/pull/57
https://github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c
https://github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530
Fixes are insufficient: https://github.com/Matthias-Wandel/jhead/issues/60
https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
Further followup (bug #1023303): https://github.com/Matthias-Wandel/jhead/issues/65

EPSS

Процентиль: 12%

0.00041

Низкий

CVE-2022-41751

CVSS3: 7.8

ubuntu

больше 3 лет назад

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

CVE-2022-41751

CVSS3: 7.8

nvd

больше 3 лет назад

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

openSUSE-SU-2023:0371-1

suse-cvrf

около 2 лет назад

Security update for jhead

openSUSE-SU-2023:0054-1

suse-cvrf

почти 3 года назад

Security update for jhead

openSUSE-SU-2022:10179-1

suse-cvrf

больше 3 лет назад

Security update for jhead

EPSS

Процентиль: 12%

0.00041

Низкий