Описание
Security update for jhead
This update for jhead fixes the following security issues:
- CVE-2016-3822: jhead remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data (bsc#1108480).
- CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling (bsc#1108480).
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 15
jhead-3.00-bp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2827-1
- SUSE Security Ratings
Описание
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 15:jhead-3.00-bp150.3.3.1
Ссылки
- CVE-2016-3822
- SUSE Bug 1108480
- SUSE Bug 1108672
Описание
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 15:jhead-3.00-bp150.3.3.1
Ссылки
- CVE-2018-16554
- SUSE Bug 1108480
- SUSE Bug 1108672