CVE-2019-1010301Out-of-bounds Write in Jhead

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Jhead Project JheadDebian JheadJhead+2 more
Timeline
PublishedJul 15
Latest updateMay 23

Description

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/jhead< jhead 1:3.03-2 (bookworm)
Debianjhead_project/jhead< 1:3.03-2+3
Ubuntujhead_project/jhead< 1:3.00-8~ubuntu0.1+3
CVEListV5jhead/jhead3.03

Also affects: Debian Linux 8.0, Fedora 29, 30

Patches

Patch: launchpadlibrarian.netPatch: launchpadlibrarian.net

🔴Vulnerability Details

3
OSV
Jhead vulnerabilities2023-05-23
GHSA
GHSA-fxpv-rf34-gwcc: jhead 32022-05-24
OSV
CVE-2019-1010301: jhead 32019-07-15

📋Vendor Advisories

2
Ubuntu
Jhead vulnerabilities2023-05-23
Debian
CVE-2019-1010301: jhead - jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. Th...2019

💬Community

3
Bugzilla
CVE-2019-1010301 jhead: buffer overflow in gpsinfo.c Line 151 ProcessGpsInfo() causing denial of service2019-08-01
Bugzilla
CVE-2019-1010301 jhead: buffer overflow in gpsinfo.c Line 151 ProcessGpsInfo() causing denial of service [epel-all]2019-08-01
Bugzilla
CVE-2019-1010301 jhead: buffer overflow in gpsinfo.c Line 151 ProcessGpsInfo() causing denial of service [fedora-all]2019-08-01
CVE-2019-1010301 — Out-of-bounds Write in Debian Jhead | cvebase