CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.002 Low (Percentile: 62.0%)

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing
them in a JPEG filename and then using the regeneration -rgt50 option.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jhead | < 1:3.00-8~ubuntu0.2 | UNKNOWN |
ubuntu | 20.04 | noarch | jhead | < 1:3.04-1ubuntu0.2 | UNKNOWN |
ubuntu | 22.04 | noarch | jhead | < 1:3.06.0.1-2ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 22.10 | noarch | jhead | < 1:3.06.0.1-2ubuntu0.22.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | jhead | < 1:2.97-1+deb8u2ubuntu0.1~esm2 | UNKNOWN |
ubuntu | 16.04 | noarch | jhead | < 1:3.00-4+deb9u1ubuntu0.1~esm2 | UNKNOWN |
github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530
github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c
github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
github.com/Matthias-Wandel/jhead/pull/57
launchpad.net/bugs/cve/CVE-2022-41751
nvd.nist.gov/vuln/detail/CVE-2022-41751
security-tracker.debian.org/tracker/CVE-2022-41751
ubuntu.com/security/notices/USN-6108-1
www.cve.org/CVERecord?id=CVE-2022-41751