ALT-BU-2023-5161-1
Branch c9f2 update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-1010301
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251
- https://bugzilla.redhat.com/show_bug.cgi?id=1679952
- https://bugzilla.redhat.com/show_bug.cgi?id=1679952
- https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo
- https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo
- [debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update
- [debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update
- FEDORA-2019-17b95fecd3
- FEDORA-2019-17b95fecd3
- FEDORA-2019-441c2fb0d1
- FEDORA-2019-441c2fb0d1
- GLSA-202007-17
- GLSA-202007-17
Modified: 2024-11-21
CVE-2019-1010302
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
- https://bugzilla.redhat.com/show_bug.cgi?id=1679978
- https://bugzilla.redhat.com/show_bug.cgi?id=1679978
- [debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update
- [debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update
- FEDORA-2019-17b95fecd3
- FEDORA-2019-17b95fecd3
- FEDORA-2019-441c2fb0d1
- FEDORA-2019-441c2fb0d1
- GLSA-202007-17
- GLSA-202007-17
Modified: 2024-11-21
CVE-2019-19035
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
Modified: 2024-11-21
CVE-2020-26208
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821
- https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
- https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
- https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc
- https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc
- https://github.com/Matthias-Wandel/jhead/issues/7
- https://github.com/Matthias-Wandel/jhead/issues/7
Modified: 2024-11-21
CVE-2020-6624
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
Modified: 2024-11-21
CVE-2020-6625
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.