Описание
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:3.00-8~ubuntu0.1 |
| devel | not-affected | |
| esm-apps/bionic | released | 1:3.00-8~ubuntu0.1 |
| esm-apps/focal | released | 1:3.04-1ubuntu0.1 |
| esm-apps/jammy | not-affected | 1:3.04-6 |
| esm-apps/xenial | released | 1:3.00-4+deb9u1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | released | 1:2.97-1+deb8u2ubuntu0.1~esm1 |
| focal | released | 1:3.04-1ubuntu0.1 |
| impish | not-affected | 1:3.04-6 |
| jammy | not-affected | 1:3.04-6 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
JHEAD is a simple command line tool for displaying and some manipulati ...
EPSS
5.8 Medium
CVSS2
5.3 Medium
CVSS3