3 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given. • https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 https://github.com/Matthias-Wandel/jhead/issues/51 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. jhead 3.06 es vulnerable al desbordamiento del búfer a través de exif.c en la función Put16u. • https://github.com/Matthias-Wandel/jhead/issues/36 https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html https://www.debian.org/security/2022/dsa-5294 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. Se encontró un desbordamiento de búfer en la región heap de la memoria en jhead en versión 3.06, en la función Get16u() en el archivo exif.c cuando se procesa un archivo diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1949245 https://github.com/Matthias-Wandel/jhead/issues/33 https://security.gentoo.org/glsa/202210-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •