Lucene search
K
Jhead ProjectJhead

18 matches found

CVE
CVE
added 2020/01/09 12:0 a.m.215 views

CVE-2020-6624

CVE-2020-6624 affects jhead up to version 3.04, with a heap-based buffer over-read in process_DQT (jpgqguess.c). Public advisories confirm impact on multiple distros and urge upgrading to newer jhead releases to mitigate. Debian/OpenSUSE/Gentoo/GNU/Linux advisories reference fixes; Mageia advises...

7.1CVSS7AI score0.01435EPSS
CVE
CVE
added 2020/01/09 12:0 a.m.209 views

CVE-2020-6625

CVE-2020-6625 affects the jhead tool (up to and including version 3.04). The vulnerability is a heap-based buffer over-read in Get32s invoked from ProcessGpsInfo in gpsinfo.c, which can lead to partial confidentiality/availability impact as per CVSS. Public advisories indicate multiple vendors/de...

7.1CVSS7AI score0.01435EPSS
CVE
CVE
added 2019/07/15 5:7 p.m.161 views

CVE-2019-1010302

The CVE-2019-1010302 issue is in JHead, with OpenSUSE advisories showing the fix in jhead 3.06.0.1 and noting multiple related CVEs (including 2019-1010302) resolved. The advisories describe improvements/fixes for JHead’s JPEG processing and fuzz testing, indicating the vulnerability involved pro...

5.5CVSS5.4AI score0.00969EPSS
CVE
CVE
added 2019/07/15 5:10 p.m.155 views

CVE-2019-1010301

CVE-2019-1010301 is a vulnerability in jhead where a crafted JPEG can trigger a buffer overflow in the GPS info handling (gpsinfo.c) leading to a DoS. Several connected advisories note the issue across distros (e.g., Ubuntu/Debian openSUSE/Gentoo/MS). Remediation observed in multiple advisories i...

5.5CVSS5.4AI score0.01211EPSS
CVE
CVE
added 2021/04/22 12:0 a.m.155 views

CVE-2021-3496

CVE-2021-3496 affects jhead (v3.06). A heap-based buffer overflow occurs in Get16u() in exif.c when processing a crafted file, potentially enabling arbitrary code execution or a crash as described by multiple advisories. Related disclosures indicate this vulnerability was addressed by upgrading t...

7.8CVSS7.5AI score0.01065EPSS
CVE
CVE
added 2018/02/04 3:0 p.m.154 views

CVE-2018-6612

CVE-2018-6612 affects jhead, issue arising from an integer underflow in process_EXIF in exif.c that causes a heap-based buffer over-read when parsing JPEGs. Reports across multiple advisories indicate impact on jhead 3.00 and that updates exist (e.g., jhead updated to 3.06.x in several distributi...

5.5CVSS5.6AI score0.01138EPSS
CVE
CVE
added 2018/09/16 2:0 a.m.147 views

CVE-2018-16554

CVE-2018-16554 affects jhead 3.00, where ProcessGpsInfo in gpsinfo.c mishandles a sprintf format string for TAG_GPS_ALT due to float/double mismatch, enabling a remote attacker to cause a denial-of-service or unspecified impact via a crafted JPEG. Public advisories (openSUSE/SUSE patches) show th...

7.8CVSS6.1AI score0.01766EPSS
CVE
CVE
added 2018/09/16 5:0 p.m.139 views

CVE-2018-17088

CVE-2018-17088 affects jhead (notably the ProcessGpsInfo function in gpsinfo.c of version 3.00). An integer overflow when checking whether a GPS location exceeds the EXIF data length can allow a remote attacker to cause a denial-of-service or other impact via a malicious JPEG file. Public-arc rep...

7.8CVSS6.3AI score0.01557EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.93 views

CVE-2021-28275

CVE-2021-28275 affects JHead (versions 3.04 and 3.05). A DoS occurs due to a wild address read in the Get16u function in exif.c, leading to a segmentation fault when processing a crafted file. Public-related sources (GLSA-202210-17) note the issue with JHead across multiple releases and recommend...

5.5CVSS5.9AI score0.00653EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.93 views

CVE-2021-28276

CVE-2021-28276 affects jhead 3.04 and 3.05; DoS via a wild address read in ProcessCanonMakerNoteDir (makernote.c). Impact: availability degradation. Mitigation: upgrade to jhead 3.06+ (per GLSA/Ubuntu advisories). No exploitation details provided in the sources; no further specifics beyond the ci...

7.5CVSS7.1AI score0.01083EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.92 views

CVE-2021-28278

CVE-2021-28278 affects jhead 3.04/3.05; a Heap-based Buffer Overflow occurs in RemoveSectionType (jpgfile.c). GLSA-202210-17 and OSV entries corroborate the vuln; remediation advised by GLSA is to upgrade to jhead ≥ 3.06.0.1.

7.8CVSS7.5AI score0.00857EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.92 views

CVE-2022-41751

CVE-2022-41751 affects JHead (v3.06.0.1). The vulnerability allows an attacker to execute arbitrary OS commands by embedding them in a JPEG filename and using the -rgt50 regeneration option, via a local attack vector (verified in multiple advisories). Public‑facing details confirm affected packag...

7.8CVSS7.7AI score0.00444EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.90 views

CVE-2021-28277

Summary: CVE-2021-28277 affects JHead (jhead) versions 3.04 and 3.05, with a heap-based buffer overflow in the RemoveUnknownSections function of jpgfile.c. This is documented across multiple feeds (NVD/NVD-derived OSV entries, Gentoo GLSA, and Linux OSS advisories). The vulnerability stems from i...

7.8CVSS7.5AI score0.00854EPSS
CVE
CVE
added 2022/11/04 12:0 a.m.89 views

CVE-2021-34055

CVE-2021-34055 affects jhead (EXIF JPEG header tool). A buffer overflow in exif.c Put16u and related handling can enable crafted JPEGs to trigger overflow, potentially allowing command execution or denial of service. Affected releases include older jhead packages across Debian/Ubuntu/DLSA advisor...

7.8CVSS7.3AI score0.00422EPSS
CVE
CVE
added 2019/11/17 3:52 p.m.67 views

CVE-2019-19035

CVE-2019-19035 affects jhead 3.03, with a heap-based buffer over-read in ReadJpegSections and process_SOFn (jpgfile.c) that can cause a Denial of Service when opening a specially crafted JPEG. Public advisories (Mageia MGASA-2020-0014; Fedora advisories) indicate the fix upgrades to jhead 3.04. O...

5.5CVSS5.5AI score0.01042EPSS
CVE
CVE
added 2025/05/30 12:0 a.m.66 views

CVE-2025-44906

CVE-2025-44906 : jhead v3.08 contains a heap-use-after-free in the ProcessFile function (jhead.c), causing memory corruption. Public sources describe an application‑level issue upon processing crafted JPEG files; CVSSv3.1 base score is 7.8 (HIGH) with local access and user interaction required. T...

7.8CVSS7.5AI score0.00211EPSS
CVE
CVE
added 2022/02/02 11:51 a.m.63 views

CVE-2020-26208

CVE-2020-26208 affects JHEAD. A heap-buffer-overflow in ReadJpegSections (jhead-3.04, jpgfile.c:285) could cause a program crash or return incorrect EXIF data when processing crafted JPEGs. Public advisories across multiple sources (NVD, OSV, Ubuntu USN references) confirm the issue and advise up...

6.1CVSS5.8AI score0.0089EPSS
CVE
CVE
added 2023/06/13 12:0 a.m.55 views

CVE-2022-28550

CVE-2022-28550 affects JHead 3.06. The vulnerability is a stack buffer overflow caused by copying into a fixed-size stack buffer when processing shellescape(), specifically when handling multiple &i or &o values; boundary checks on the stack buffer are missing. Reports across OSV, NVD, and Nessus...

9.8CVSS9.7AI score0.01047EPSS