CVE-2018-6612: Out-of-bounds Read in Jhead

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 63.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4; latest update May 30

Description

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/jhead < jhead 1:3.00-6 (bookworm)
Debian: jhead_project/jhead < 1:3.00-6+3

🔴 Vulnerability Details (2)

GHSA: GHSA-73qf-rvc2-8ggj: An integer underflow bug in the process_EXIF function of the exif (2022-05-13)
OSV: CVE-2018-6612: An integer underflow bug in the process_EXIF function of the exif (2018-02-04)

📋 Vendor Advisories (2)

Ubuntu: Jhead vulnerability (2023-05-30)
Debian: CVE-2018-6612: jhead - An integer underflow bug in the process_EXIF function of the exif.c file of jhea... (2018)

💬 Community (3)

Bugzilla: CVE-2018-6612 jhead: Integer underflow in the process_EXIF function [epel-all] (2018-02-05)
Bugzilla: CVE-2018-6612 jhead: Integer underflow in the process_EXIF function [fedora-all] (2018-02-05)
Bugzilla: CVE-2018-6612 jhead: Integer underflow in the process_EXIF function (2018-02-05)
CVE-2018-6612 — Out-of-bounds Read in Debian Jhead | cvebase