6.4 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.6%
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to “a bunch of potential string overflows.”
secunia.com/advisories/32363
www.openwall.com/lists/oss-security/2008/10/15/6
www.securityfocus.com/bid/31770
www.sentex.net/~mwandel/jhead/changes.txt
bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html