CVE-2018-16554Use of Externally-Controlled Format String in Jhead

CWE-134Use of Externally-Controlled Format StringCWE-190Integer Overflow or Wraparound12 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 47.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jhead Project JheadDebian Jhead
Timeline
PublishedSep 16
Latest updateMay 13

Description

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/jhead< jhead 1:3.00-8 (bookworm)
Debianjhead_project/jhead< 1:3.00-8+3

Patches

Patch: nimo-zhang.github.ioPatch: nimo-zhang.github.io

🔴Vulnerability Details

4
GHSA
GHSA-727r-rxp4-hwwc: The ProcessGpsInfo function of the gpsinfo2022-05-13
GHSA
GHSA-pm9x-2x8v-8ww4: The ProcessGpsInfo function of the gpsinfo2022-05-13
OSV
CVE-2018-16554: The ProcessGpsInfo function of the gpsinfo2018-09-16
OSV
CVE-2018-17088: The ProcessGpsInfo function of the gpsinfo2018-09-16

📋Vendor Advisories

2
Debian
CVE-2018-17088: jhead - The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remo...2018
Debian
CVE-2018-16554: jhead - The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remo...2018

💬Community

4
Bugzilla
CVE-2018-16554 jhead: buffer overflow in a sprintf format string in TAG_GPS_ALT handling [fedora-all]2018-09-18
Bugzilla
CVE-2018-16554 jhead: buffer overflow in a sprintf format string in TAG_GPS_ALT handling [epel-all]2018-09-18
Bugzilla
CVE-2018-16554 jhead: buffer overflow in a sprintf format string in TAG_GPS_ALT handling2018-09-18
Bugzilla
CVE-2018-17088 jhead: Integer overflow in gpsinfo.c while running jhead2018-09-17
CVE-2018-16554 — Debian Jhead vulnerability | cvebase