18 matches found
CVE-2020-6624
CVE-2020-6624 affects jhead up to version 3.04, with a heap-based buffer over-read in process_DQT (jpgqguess.c). Public advisories confirm impact on multiple distros and urge upgrading to newer jhead releases to mitigate. Debian/OpenSUSE/Gentoo/GNU/Linux advisories reference fixes; Mageia advises...
CVE-2020-6625
CVE-2020-6625 affects the jhead tool (up to and including version 3.04). The vulnerability is a heap-based buffer over-read in Get32s invoked from ProcessGpsInfo in gpsinfo.c, which can lead to partial confidentiality/availability impact as per CVSS. Public advisories indicate multiple vendors/de...
CVE-2019-1010302
The CVE-2019-1010302 issue is in JHead, with OpenSUSE advisories showing the fix in jhead 3.06.0.1 and noting multiple related CVEs (including 2019-1010302) resolved. The advisories describe improvements/fixes for JHead’s JPEG processing and fuzz testing, indicating the vulnerability involved pro...
CVE-2019-1010301
CVE-2019-1010301 is a vulnerability in jhead where a crafted JPEG can trigger a buffer overflow in the GPS info handling (gpsinfo.c) leading to a DoS. Several connected advisories note the issue across distros (e.g., Ubuntu/Debian openSUSE/Gentoo/MS). Remediation observed in multiple advisories i...
CVE-2021-3496
CVE-2021-3496 affects jhead (v3.06). A heap-based buffer overflow occurs in Get16u() in exif.c when processing a crafted file, potentially enabling arbitrary code execution or a crash as described by multiple advisories. Related disclosures indicate this vulnerability was addressed by upgrading t...
CVE-2018-6612
CVE-2018-6612 affects jhead, issue arising from an integer underflow in process_EXIF in exif.c that causes a heap-based buffer over-read when parsing JPEGs. Reports across multiple advisories indicate impact on jhead 3.00 and that updates exist (e.g., jhead updated to 3.06.x in several distributi...
CVE-2018-16554
CVE-2018-16554 affects jhead 3.00, where ProcessGpsInfo in gpsinfo.c mishandles a sprintf format string for TAG_GPS_ALT due to float/double mismatch, enabling a remote attacker to cause a denial-of-service or unspecified impact via a crafted JPEG. Public advisories (openSUSE/SUSE patches) show th...
CVE-2018-17088
CVE-2018-17088 affects jhead (notably the ProcessGpsInfo function in gpsinfo.c of version 3.00). An integer overflow when checking whether a GPS location exceeds the EXIF data length can allow a remote attacker to cause a denial-of-service or other impact via a malicious JPEG file. Public-arc rep...
CVE-2021-28275
CVE-2021-28275 affects JHead (versions 3.04 and 3.05). A DoS occurs due to a wild address read in the Get16u function in exif.c, leading to a segmentation fault when processing a crafted file. Public-related sources (GLSA-202210-17) note the issue with JHead across multiple releases and recommend...
CVE-2021-28276
CVE-2021-28276 affects jhead 3.04 and 3.05; DoS via a wild address read in ProcessCanonMakerNoteDir (makernote.c). Impact: availability degradation. Mitigation: upgrade to jhead 3.06+ (per GLSA/Ubuntu advisories). No exploitation details provided in the sources; no further specifics beyond the ci...
CVE-2021-28278
CVE-2021-28278 affects jhead 3.04/3.05; a Heap-based Buffer Overflow occurs in RemoveSectionType (jpgfile.c). GLSA-202210-17 and OSV entries corroborate the vuln; remediation advised by GLSA is to upgrade to jhead ≥ 3.06.0.1.
CVE-2022-41751
CVE-2022-41751 affects JHead (v3.06.0.1). The vulnerability allows an attacker to execute arbitrary OS commands by embedding them in a JPEG filename and using the -rgt50 regeneration option, via a local attack vector (verified in multiple advisories). Public‑facing details confirm affected packag...
CVE-2021-28277
Summary: CVE-2021-28277 affects JHead (jhead) versions 3.04 and 3.05, with a heap-based buffer overflow in the RemoveUnknownSections function of jpgfile.c. This is documented across multiple feeds (NVD/NVD-derived OSV entries, Gentoo GLSA, and Linux OSS advisories). The vulnerability stems from i...
CVE-2021-34055
CVE-2021-34055 affects jhead (EXIF JPEG header tool). A buffer overflow in exif.c Put16u and related handling can enable crafted JPEGs to trigger overflow, potentially allowing command execution or denial of service. Affected releases include older jhead packages across Debian/Ubuntu/DLSA advisor...
CVE-2019-19035
CVE-2019-19035 affects jhead 3.03, with a heap-based buffer over-read in ReadJpegSections and process_SOFn (jpgfile.c) that can cause a Denial of Service when opening a specially crafted JPEG. Public advisories (Mageia MGASA-2020-0014; Fedora advisories) indicate the fix upgrades to jhead 3.04. O...
CVE-2025-44906
CVE-2025-44906 : jhead v3.08 contains a heap-use-after-free in the ProcessFile function (jhead.c), causing memory corruption. Public sources describe an application‑level issue upon processing crafted JPEG files; CVSSv3.1 base score is 7.8 (HIGH) with local access and user interaction required. T...
CVE-2020-26208
CVE-2020-26208 affects JHEAD. A heap-buffer-overflow in ReadJpegSections (jhead-3.04, jpgfile.c:285) could cause a program crash or return incorrect EXIF data when processing crafted JPEGs. Public advisories across multiple sources (NVD, OSV, Ubuntu USN references) confirm the issue and advise up...
CVE-2022-28550
CVE-2022-28550 affects JHead 3.06. The vulnerability is a stack buffer overflow caused by copying into a fixed-size stack buffer when processing shellescape(), specifically when handling multiple &i or &o values; boundary checks on the stack buffer are missing. Reports across OSV, NVD, and Nessus...