Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38178

HistoryNov 23, 2022 - 5:13 a.m.

OS Command Injection

2022-11-2305:13:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

jhead

command injection

vulnerability

-rgt50

software

0.002 Low

EPSS

Percentile

62.0%

Jhead is vulnerable to os command injection. An attacker is able to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

CPENameOperatorVersion
jhead:sideq1:3.04-4
jhead:sideq1:3.06.0.1-2
jhead:bullseyeeq1:3.04-5
jhead:bullseyeeq1:3.04-4
jhead:sideq1:3.04-4
jhead:sideq1:3.06.0.1-2
jhead:bullseyeeq1:3.04-5
jhead:bullseyeeq1:3.04-4

References

github.com/Matthias-Wandel/jhead

github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788

github.com/Matthias-Wandel/jhead/pull/57

lists.debian.org/debian-lts-announce/2022/12/msg00004.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB/

lists.fedoraproject.org/archives/list/[email protected]/message/5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK/

lists.fedoraproject.org/archives/list/[email protected]/message/EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB/

lists.fedoraproject.org/archives/list/[email protected]/message/TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB/

security-tracker.debian.org/tracker/CVE-2022-41751

www.debian.org/security/2022/dsa-5294

0.002 Low

EPSS

Percentile

62.0%

Related for VERACODE:38178

cve1 nessus10 fedora3 suse2 openvas8 prion1 ubuntucve1 debiancve1 nvd1 osv4 cvelist1 debian2 ubuntu1 gentoo1