CVE-2020-28840 — Classic Buffer Overflow in Jhead

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jhead Project Jhead Matthiaswandel Jhead Debian Jhead

Timeline

PublishedAug 11

Description

Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmatthiaswandel/jhead< 3.04

▶debiandebian/jhead< jhead 1:3.06.0.1-2 (bookworm)

▶Debianjhead_project/jhead< 1:3.06.0.1-2+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h46m-86hc-7cwf: Buffer Overflow vulnerability in jpgfile↗2023-08-11

▶

OSV

CVE-2020-28840: Buffer Overflow vulnerability in jpgfile↗2023-08-11

▶

📋Vendor Advisories

Debian

CVE-2020-28840: jhead - Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04...↗2020

▶