CVE-2025-44906 — Use After Free in Project Jhead

Severity

7.8HIGHNVD

EPSS

0.1%

top 76.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 30

Description

jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

OSV

CVE-2025-44906: jhead v3↗2025-05-30

▶

GHSA

GHSA-4q97-mrgv-92q2: jhead v3↗2025-05-30

▶