Ubuntu USN-6110-1
May 29, 2023 - 12:00 a.m.

Jhead vulnerabilities

Source: ubuntu.com
Tags: ubuntu, jhead, vulnerabilities, crafted images, denial of service, canon

CVSS2: 6.8 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 51.4%)

Releases

  • Ubuntu 23.04
  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • jhead - Manipulate the non-image part of Exif compliant JPEG files

Details

It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. This issue only
affected Ubuntu 20.04. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS. (CVE-2021-28277)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | jhead | < 1:3.06.0.1-6ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | jhead-dbgsym | < 1:3.06.0.1-6ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | jhead | < 1:3.06.0.1-2ubuntu0.22.10.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | jhead-dbgsym | < 1:3.06.0.1-2ubuntu0.22.10.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | jhead | < 1:3.06.0.1-2ubuntu0.22.04.1+esm1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | jhead | < 1:3.06.0.1-2ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | jhead-dbgsym | < 1:3.06.0.1-2ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | jhead | < 1:3.04-1ubuntu0.2+esm1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | jhead | < 1:3.04-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | jhead-dbgsym | < 1:3.04-1ubuntu0.2 | UNKNOWN |