CVE-2019-19035Out-of-bounds Read in Jhead

CWE-125Out-of-bounds Read10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 61.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jhead Project JheadDebian Jhead
Timeline
PublishedNov 17
Latest updateMay 23

Description

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/jhead< jhead 1:3.04-1 (bookworm)
Debianjhead_project/jhead< 1:3.04-1+3
Ubuntujhead_project/jhead< 1:3.00-8~ubuntu0.1+3

🔴Vulnerability Details

3
OSV
Jhead vulnerabilities2023-05-23
GHSA
GHSA-m4jc-jx4g-52vw: jhead 32022-05-24
OSV
CVE-2019-19035: jhead 32019-11-17

📋Vendor Advisories

2
Ubuntu
Jhead vulnerabilities2023-05-23
Debian
CVE-2019-19035: jhead - jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of...2019

📄Research Papers

1
arXiv
UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers2020-10-05

💬Community

3
Bugzilla
CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service2019-11-21
Bugzilla
CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service [epel-all]2019-11-21
Bugzilla
CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service [fedora-all]2019-11-21
CVE-2019-19035 — Out-of-bounds Read in Debian Jhead | cvebase