CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2020-28840
https://notcve.org/view.php?id=CVE-2020-28840
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). Una vulnerabilidad de desbordamiento de búfer en jpgfile.c en jhead de Matthias-Wandel versión 3.04 permite a atacantes locales ejecutar código arbitrario y provocar una denegación de servicio (DoS). • https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820 https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2 https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da https://github.com/Matthias-Wandel/jhead/issues/8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26208 – Heap-buffer-overflow in jhead
https://notcve.org/view.php?id=CVE-2020-26208
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue. • https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821 https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4 https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc https://github.com/Matthias-Wandel/jhead/issues/7 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6625
https://notcve.org/view.php?id=CVE-2020-6625
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. jhead versiones hasta la versión 3.04, tiene una lectura excesiva del búfer en la región heap de la memoria en Get32s cuando se llamó desde la función ProcessGpsInfo en gpsinfo.c. • https://bugs.gentoo.org/711220#c3 https://bugs.gentoo.org/876247#c0 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746 https://security.gentoo.org/glsa/202007-17 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6624
https://notcve.org/view.php?id=CVE-2020-6624
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. jhead versiones hasta la versión 3.04, tiene una lectura excesiva del búfer en la región heap de la memoria en la función process_DQT en el archivo jpgqguess.c. • https://bugs.gentoo.org/711220#c3 https://bugs.gentoo.org/876247#c0 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 https://security.gentoo.org/glsa/202007-17 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19035
https://notcve.org/view.php?id=CVE-2019-19035
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. jhead versión 3.03, está afectado por: lectura excesiva del búfer en la región heap de la memoria. El impacto es: Denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1765647 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOL6LCMEVOOB342EJ4TKWTPJAJPJSVWH https://security.gentoo.org/glsa/202007-17 • CWE-125: Out-of-bounds Read •