Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jhead Project Subscribe
Filtered by product Jhead
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1010302 3 Debian, Fedoraproject, Jhead Project 3 Debian Linux, Fedora, Jhead 2023-02-28 4.3 MEDIUM 5.5 MEDIUM
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
CVE-2021-34055 2 Debian, Jhead Project 2 Debian Linux, Jhead 2023-02-03 N/A 7.8 HIGH
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
CVE-2022-41751 3 Debian, Fedoraproject, Jhead Project 3 Debian Linux, Fedora, Jhead 2023-02-03 N/A 7.8 HIGH
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
CVE-2021-3496 1 Jhead Project 1 Jhead 2022-12-06 6.8 MEDIUM 7.8 HIGH
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
CVE-2021-28278 1 Jhead Project 1 Jhead 2022-11-16 6.8 MEDIUM 7.8 HIGH
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
CVE-2021-28277 1 Jhead Project 1 Jhead 2022-11-16 6.8 MEDIUM 7.8 HIGH
A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.
CVE-2021-28276 1 Jhead Project 1 Jhead 2022-11-16 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
CVE-2021-28275 1 Jhead Project 1 Jhead 2022-11-16 4.3 MEDIUM 5.5 MEDIUM
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.
CVE-2020-6624 1 Jhead Project 1 Jhead 2022-11-07 5.8 MEDIUM 7.1 HIGH
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
CVE-2020-6625 1 Jhead Project 1 Jhead 2022-11-07 5.8 MEDIUM 7.1 HIGH
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
CVE-2019-1010301 3 Debian, Fedoraproject, Jhead Project 3 Debian Linux, Fedora, Jhead 2022-04-26 4.3 MEDIUM 5.5 MEDIUM
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
CVE-2020-26208 1 Jhead Project 1 Jhead 2022-02-07 5.8 MEDIUM 6.1 MEDIUM
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
CVE-2018-6612 1 Jhead Project 1 Jhead 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
CVE-2019-19035 1 Jhead Project 1 Jhead 2020-07-27 4.3 MEDIUM 5.5 MEDIUM
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
CVE-2018-16554 1 Jhead Project 1 Jhead 2019-12-31 6.8 MEDIUM 7.8 HIGH
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
CVE-2018-17088 1 Jhead Project 1 Jhead 2019-12-31 6.8 MEDIUM 7.8 HIGH
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.