Ubuntu.comUB:CVE-2018-6612CVE-2018-6612
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.4%
An integer underflow bug in the process_EXIF function of the exif.c file of
jhead 3.00 raises a heap-based buffer over-read when processing a malicious
JPEG file, which may allow a remote attacker to cause a denial-of-service
attack or unspecified other impact.
Bugs
References
anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272
launchpad.net/bugs/cve/CVE-2018-6612
launchpad.net/ubuntu/+source/jhead/1:3.00-6
nvd.nist.gov/vuln/detail/CVE-2018-6612
security-tracker.debian.org/tracker/CVE-2018-6612
ubuntu.com/security/notices/USN-6113-1
www.cve.org/CVERecord?id=CVE-2018-6612
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.4%