Debian Jhead vulnerabilities

CVE-2008-4575 [MEDIUM] CVE-2008-4575: jhead - Buffer overflow in the DoCommand function in jhead before 2.84 might allow conte... Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." Scope: local bookworm: resolved (fixed in 2.84-1) bullseye: resolved (fixed in 2.84-1) forky: resolved (fixed in 2.84-1)

CVE-2008-4639 [MEDIUM] CVE-2008-4639: jhead - jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrit... jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Scope: local bookworm: resolved (fixed in 2.84-1) bullseye: resolved (fixed in 2.84-1) forky: resolved (fixed in 2.84-1) sid: resolved (fixed in 2.84-1) trixie: resolved (fixed in 2.84-1)

CVE-2008-4641 [CRITICAL] CVE-2008-4641: jhead - The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allo... The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. Scope: local bookworm: resolved (fixed in 2.84-2) bullseye: resolved (fixed in 2.84-2) forky: resolved (fixed in 2.84-2) sid: resolved (fixed in 2.84-2) trixie: resolved (fixed in 2.84-2)

CVE-2008-4640 [LOW] CVE-2008-4640: jhead - The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allo... The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. Scope: local bookworm: resolved (fixed in 2.85-1) bullseye: resolved (fixed i