Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.3 views

SUSE CVE-2020-5204

In uftpd before 2.11, there is a buffer overflow vulnerability in handlePORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses...

8.8CVSS8.7AI score0.01079EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.31 views

openSUSE Security Update : jhead (openSUSE-2019-698)

This update for jhead fixes the following security issues : - CVE-2016-3822: jhead remote attackers to execute arbitrary code or cause a denial of service out-of-bounds access via crafted EXIF data bsc1108480. - CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to cau...

7.8CVSS6.7AI score0.01766EPSS
Exploits1References3
Mageia
Mageia
added 2018/11/17 10:23 p.m.34 views

Updated jhead package fixes security vulnerabilities

The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling CVE-2018-16554. The ProcessGpsInfo...

7.8CVSS4.2AI score0.01766EPSS
Exploits2References3
OPENSUSE Linux
OPENSUSE Linux
added 2018/10/26 2:42 p.m.568 views

Security update for jhead (moderate)

This update for jhead fixes the following issues: Security issues fixed: - CVE-2018-17088: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check...

7.5CVSS3.9AI score0.01766EPSS
Exploits2References2
Prion
Prion
added 2018/09/16 2:29 a.m.16 views

Format string

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling...

6.8CVSS7.5AI score0.01766EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/09/16 2:29 a.m.26 views

CVE-2018-16554

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling...

7.8CVSS6.7AI score0.01766EPSS
Exploits1References1
CVE
CVE
added 2018/09/16 2:0 a.m.147 views

CVE-2018-16554

CVE-2018-16554 affects jhead 3.00, where ProcessGpsInfo in gpsinfo.c mishandles a sprintf format string for TAG_GPS_ALT due to float/double mismatch, enabling a remote attacker to cause a denial-of-service or unspecified impact via a crafted JPEG. Public advisories (openSUSE/SUSE patches) show th...

7.8CVSS6.1AI score0.01766EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2018/09/16 2:0 a.m.20 views

CVE-2018-16554

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAGGPSALT handling...

7.8CVSS5.8AI score0.01766EPSS
Exploits1
Rows per page
Query Builder