Debian Jhead vulnerabilities

CVE-2024-2824 [MEDIUM] CVE-2024-2824: jhead - A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critic... A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.

CVE-2022-28550 [CRITICAL] CVE-2022-28550: jhead - Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescap... Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given. Scope: local bookworm: open bullseye:

CVE-2022-41751 [HIGH] CVE-2022-41751: jhead - Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them... Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-3) bullseye: resolved (fixed in 1:3.04-6+deb11u1) forky: resolved (fixed in 1:3.06.0.1-3) sid: resolved (fixed in 1:3.06.0.1-3) trixie: resolved (fixed in 1:3.06.0.1-3)

CVE-2021-34055 [HIGH] CVE-2021-34055: jhead - jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-5) bullseye: resolved (fixed in 1:3.04-6+deb11u1) forky: resolved (fixed in 1:3.06.0.1-5) sid: resolved (fixed in 1:3.06.0.1-5) trixie: resolved (fixed in 1:3.06.0.1-5)

CVE-2021-28276 [HIGH] CVE-2021-28276: jhead - A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild addre... A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-2) bullseye: open forky: resolved (fixed in 1:3.06.0.1-2) sid: resolved (fixed in 1:3.06.0.1-2) trixie: resolved (fixed in 1:3.06.0.1-2)

CVE-2021-28278 [HIGH] CVE-2021-28278: jhead - A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the... A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-2) bullseye: open forky: resolved (fixed in 1:3.06.0.1-2) sid: resolved (fixed in 1:3.06.0.1-2) trixie: resolved (fixed in 1:3.06.0.1-2)

CVE-2021-28277 [HIGH] CVE-2021-28277: jhead - A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affec... A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-2) bullseye: open forky: resolved (fixed in 1:3.06.0.1-2) sid: resolved (fixed in 1:3.06.0.1-2) trixie: resolved (fixed in 1:3.06.0.1-2)

CVE-2021-28275 [MEDIUM] CVE-2021-28275: jhead - A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild ad... A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. Scope: local bookworm: resolved (fixed in 1:3.06.0.1-2) bullseye: open forky: resolved (fixed in 1:3.06.0.1-2) sid: resolved (fixed in 1:3.06.0.1-2) trixie: resolved (fixed in 1:3.06.0.1-2)

CVE-2021-3496 [HIGH] CVE-2021-3496: jhead - A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in e... A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. Scope: local bookworm: resolved (fixed in 1:3.04-6) bullseye: resolved (fixed in 1:3.04-6) forky: resolved (fixed in 1:3.04-6) sid: resolved (fixed in 1:3.04-6) trixie: resolved (fixed in 1:3.04-6)

CVE-2020-6624 [HIGH] CVE-2020-6624: jhead - jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess... jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2020-26208 [MEDIUM] CVE-2020-26208: jhead - JHEAD is a simple command line tool for displaying and some manipulation of EXIF... JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval.

CVE-2020-6625 [HIGH] CVE-2020-6625: jhead - jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ... jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2020-28840 [HIGH] CVE-2020-28840: jhead - Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04... Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). Scope: local bookworm: resolved (fixed in 1:3.06.0.1-2) bullseye: open forky: resolved (fixed in 1:3.06.0.1-2) sid: resolved (fixed in 1:3.06.0.1-2) trixie: resolved (fixed in 1:3.06.0.1-2)

CVE-2019-1010302 [MEDIUM] CVE-2019-1010302: jhead - jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of se... jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. Scope: local bookworm: resolved (fixed in 1:3.03-2) bullseye: resolved (fixed in 1:3.03-2) forky: resolved (fixed in 1:3.03-2) sid: resolved (fixed in 1:3.0

CVE-2019-19035 [MEDIUM] CVE-2019-19035: jhead - jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of... jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. Scope: local bookworm: resolved (fixed in 1:3.04-1) bullseye: resolved (fixed in 1:3.04-1) forky: resolved (fixed in 1:3.04-1) sid: resolved (fixed in 1:3

CVE-2019-1010301 [MEDIUM] CVE-2019-1010301: jhead - jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. Th... jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. Scope: local bookworm: resolved (fixed in 1:3.03-2) bullseye: resolved (fixed in 1:3.03-2) forky: resolved (fixed in 1:3.03-2) sid: resolved (fixed in 1:3.03-2) trixie: reso

CVE-2018-17088 [HIGH] CVE-2018-17088: jhead - The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remo... The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c

CVE-2018-16554 [HIGH] CVE-2018-16554: jhead - The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remo... The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling. Scope: local bookworm: resolved (fixed in 1:3.00-8) bullseye: resolved (fixed in

CVE-2018-6612 [MEDIUM] CVE-2018-6612: jhead - An integer underflow bug in the process_EXIF function of the exif.c file of jhea... An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. Scope: local bookworm: resolved (fixed in 1:3.00-6) bullseye: resolved (fixed in 1:3.00-6) forky: resolved (

CVE-2016-3822 [HIGH] CVE-2016-3822: jhead - exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before ... exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. Scope: local bookworm: resolved (fixed in 1:3.00-4) bullseye: reso