
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

JHEAD is a simple command line tool for displaying and manipulating EXIF header data embedded in JPEG images from digital cameras. In affected versions there is a heap-buffer-overflow at jhead-3.04/jpgfile.c:285 in ReadJpegSections. Crafted JPEG images can be provided to the user, resulting in a program crash or potentially incorrect EXIF information retrieval. Users are advised to upgrade. There is no known workaround for this issue.

• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821
• https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
• https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc
• https://github.com/Matthias-Wandel/jhead/issues/7
• CWE-787: Out-of-bounds Write

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

• https://bugs.gentoo.org/711220#c3
• https://bugs.gentoo.org/876247#c0
• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746
• https://security.gentoo.org/glsa/202007-17
• CWE-125: Out-of-bounds Read

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

• https://bugs.gentoo.org/711220#c3
• https://bugs.gentoo.org/876247#c0
• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
• https://security.gentoo.org/glsa/202007-17
• CWE-125: Out-of-bounds Read

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.

• https://bugzilla.redhat.com/show_bug.cgi?id=1765647
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOL6LCMEVOOB342EJ4TKWTPJAJPJSVWH
• https://security.gentoo.org/glsa/202007-17
• CWE-125: Out-of-bounds Read

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 2

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

• https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251
• https://bugzilla.redhat.com/show_bug.cgi?id=1679952
• https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo
• https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ
• https://security.gentoo.org/gl
• CWE-787: Out-of-bounds Write