CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

OSV•added 2025/05/30 4:15 a.m.•1 views

DEBIAN-CVE-2025-44906

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c...

7.8CVSS6.9AI score0.00082EPSS

Exploits1References1

OSV•added 2025/05/30 4:15 a.m.•0 views

UBUNTU-CVE-2025-44906

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c...

7.8CVSS5.8AI score0.00082EPSS

Exploits1References4

CNNVD•added 2025/05/30 12:0 a.m.•1 views

jhead 资源管理错误漏洞

jhead is a command line program by the individual developer Matthias Wandel. A security vulnerability exists in jhead version v3.08, which stems from a post-release reuse of the ProcessFile function in the jhead.c file, which could lead to the execution of arbitrary code...

7.8CVSS6.8AI score0.00082EPSS

Exploits1References2

NVD•added 2008/10/21 6:0 p.m.•11 views

CVE-2008-4641

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input...

10CVSS7.3AI score0.02025EPSS

Exploits0References6

NVD•added 2008/10/21 6:0 p.m.•10 views

CVE-2008-4640

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which 1 a final "z" character is replaced by a "t" character or 2 a final "t" character is replaced by a "z" character...

3.6CVSS6.1AI score0.00064EPSS

Exploits0References4

UbuntuCve•added 2008/10/21 6:0 p.m.•22 views

CVE-2008-4639

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...

4.6CVSS5.9AI score0.00034EPSS

Exploits0References1

Prion•added 2008/10/21 6:0 p.m.•7 views

Arbitrary file deletion

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...

4.6CVSS6.2AI score0.00034EPSS

Exploits0References5Affected Software1

Prion•added 2008/10/21 6:0 p.m.•9 views

Input validation

3.6CVSS6.3AI score0.00064EPSS

Exploits0References4Affected Software1

CVE•added 2008/10/21 4:0 p.m.•42 views

CVE-2008-4639

CVE-2008-4639 affects jhead up to version 2.84, where jhead.c allows local users to overwrite arbitrary files via a symlink attack on a temporary file. This local, low‑complexity exploit can lead to partial impacts on confidentiality, integrity, and availability. The linked vendor advisories/patc...

4.6CVSS5.9AI score0.00034EPSS

Exploits0References5Affected Software1

CVE•added 2008/10/21 4:0 p.m.•57 views

CVE-2008-4640

The CVE-2008-4640 issue affects jhead up to version 2.84, where DoCommand() could delete arbitrary files when the input filename is manipulated (replacing a trailing z with t or vice versa). Several advisories (openSUSE/SUSE jhead-399, Fedora 2009-1824/1776, Mandriva MDVSA-2009:041) confirm the v...

3.6CVSS6AI score0.00064EPSS

Exploits0References4Affected Software1