4 matches found
CVE-2008-4640
The CVE-2008-4640 issue affects jhead up to version 2.84, where DoCommand() could delete arbitrary files when the input filename is manipulated (replacing a trailing z with t or vice versa). Several advisories (openSUSE/SUSE jhead-399, Fedora 2009-1824/1776, Mandriva MDVSA-2009:041) confirm the v...
CVE-2008-4641
CVE-2008-4641 affects the jhead utility (before 2.84) where DoCommand mishandles input, allowing execution of arbitrary shell commands via shell metacharacters. Public advisories across distributions (openSUSE, Fedora, Mandriva, SUSE/NASL) show the issue being addressed by updated jhead packages ...
CVE-2008-4575
CVE-2008-4575 (jhead) : A buffer overflow in the DoCommand function of jhead prior to 2.84 can allow context-dependent attackers to cause a denial of service (crash) via a long -cmd argument and other string overflow-related vectors. Multiple security advisories reference this issue along with re...
CVE-2008-4639
CVE-2008-4639 affects jhead up to version 2.84, where jhead.c allows local users to overwrite arbitrary files via a symlink attack on a temporary file. This local, low‑complexity exploit can lead to partial impacts on confidentiality, integrity, and availability. The linked vendor advisories/patc...