CVE-2019-1010302Improper Restriction of Operations within the Bounds of a Memory Buffer in Jhead

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 73.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Jhead Project JheadDebian JheadJhead+2 more
Timeline
PublishedJul 15
Latest updateMay 23

Description

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/jhead< jhead 1:3.03-2 (bookworm)
Debianjhead_project/jhead< 1:3.03-2+3
Ubuntujhead_project/jhead< 1:3.00-8~ubuntu0.1+3
CVEListV5jhead/jhead3.03

Also affects: Debian Linux 8.0, Fedora 29, 30

🔴Vulnerability Details

3
OSV
Jhead vulnerabilities2023-05-23
GHSA
GHSA-hq47-7f5j-hh4q: jhead 32022-05-24
OSV
CVE-2019-1010302: jhead 32019-07-15

📋Vendor Advisories

2
Ubuntu
Jhead vulnerabilities2023-05-23
Debian
CVE-2019-1010302: jhead - jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of se...2019

💬Community

3
Bugzilla
CVE-2019-1010302 jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service [epel-all]2019-08-01
Bugzilla
CVE-2019-1010302 jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service [fedora-all]2019-08-01
Bugzilla
CVE-2019-1010302 jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service2019-08-01
CVE-2019-1010302 — Debian Jhead vulnerability | cvebase