CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6624
https://notcve.org/view.php?id=CVE-2020-6624
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. jhead versiones hasta la versión 3.04, tiene una lectura excesiva del búfer en la región heap de la memoria en la función process_DQT en el archivo jpgqguess.c. • https://bugs.gentoo.org/711220#c3 https://bugs.gentoo.org/876247#c0 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 https://security.gentoo.org/glsa/202007-17 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19035
https://notcve.org/view.php?id=CVE-2019-19035
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file. jhead versión 3.03, está afectado por: lectura excesiva del búfer en la región heap de la memoria. El impacto es: Denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1765647 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UOL6LCMEVOOB342EJ4TKWTPJAJPJSVWH https://security.gentoo.org/glsa/202007-17 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2019-1010301
https://notcve.org/view.php?id=CVE-2019-1010301
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. jhead versión 3.03 se ve afectado por: Desbordamiento de búfer. El impacto es: Denegación de servicio. • https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251 https://bugzilla.redhat.com/show_bug.cgi?id=1679952 https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ https://security.gentoo.org/gl • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-1010302
https://notcve.org/view.php?id=CVE-2019-1010302
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. jhead versión 3.03 se ve afectada por: Control de acceso incorrecto. El impacto es: Denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1679978 https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ https://security.gentoo.org/glsa/202007-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17088
https://notcve.org/view.php?id=CVE-2018-17088
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. La función ProcessGpsInfo del archivo gpsinfo.c de jhead 3.00 podría permitir que un atacante remoto provoque un ataque de denegación de servicio (DoS) u otro tipo de impacto sin especificar mediante un archivo JPEG malicioso. Esto se debe a que hay un desbordamiento de enteros durante una comprobación de si una ubicación excede la longitud de datos de EXIF. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925 https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html • CWE-190: Integer Overflow or Wraparound •