CVE-2018-17088

Опубликовано: 16 сент. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 6.8

CVSS3: 7.8

Описание

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.

Релиз	Статус	Примечание
bionic	released	1:3.00-8~build0.18.04.1
cosmic	released	1:3.00-8~build0.18.10.1
devel	not-affected	1:3.00-8
disco	not-affected	1:3.00-8
esm-apps/bionic	released	1:3.00-8~build0.18.04.1
esm-apps/xenial	released	1:3.00-8+deb9u1build.16.04.1
esm-infra-legacy/trusty	released	1:2.97-1+deb8u2build0.14.04.1~esm1
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	released	1:2.97-1+deb8u2build0.14.04.1~esm1

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

CVE-2018-17088

CVSS3: 7.8

nvd

больше 7 лет назад

CVE-2018-17088

CVSS3: 7.8

debian

больше 7 лет назад

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...

GHSA-727r-rxp4-hwwc

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2018:3481-1

suse-cvrf

больше 7 лет назад

Security update for jhead

openSUSE-SU-2021:0743-1

suse-cvrf

больше 4 лет назад

Security update for jhead

6.8 Medium

CVSS2

7.8 High

CVSS3

CVE-2018-17088

Описание

Пакет jhead

Ссылки на источники

Связанные уязвимости