CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-44906
https://notcve.org/view.php?id=CVE-2025-44906
30 May 2025 — jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c. • https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28550 – Gentoo Linux Security Advisory 202406-05
https://notcve.org/view.php?id=CVE-2022-28550
13 Jun 2023 — Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given. Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution. Versions greater than or equal to 3.08 are affected. • https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34055 – Debian Security Advisory 5294-1
https://notcve.org/view.php?id=CVE-2021-34055
04 Nov 2022 — jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. jhead 3.06 es vulnerable al desbordamiento del búfer a través de exif.c en la función Put16u. It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this... • https://github.com/Matthias-Wandel/jhead/issues/36 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-41751 – Debian Security Advisory 5294-1
https://notcve.org/view.php?id=CVE-2022-41751
17 Oct 2022 — Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Jhead versión 3.06.0.1, permite a atacantes ejecutar comandos arbitrarios del Sistema Operativo al colocarlos en un nombre de archivo JPEG y usando después la opción de regeneración -rgt50 It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial... • https://github.com/Matthias-Wandel/jhead • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-28278 – Ubuntu Security Notice USN-6098-1
https://notcve.org/view.php?id=CVE-2021-28278
23 Mar 2022 — A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. Se presenta una vulnerabilidad de Desbordamiento del Búfer en la región Heap de la memoria en jhead versiones 3.04 y 3.05, por medio de la función RemoveSectionType en el archivo jpgfile.c It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu ... • https://github.com/Matthias-Wandel/jhead/issues/15 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-28275 – Ubuntu Security Notice USN-6110-1
https://notcve.org/view.php?id=CVE-2021-28275
23 Mar 2022 — A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. Se presenta una vulnerabilidad de Denegación de Servicio en jhead versiones 3.04 y 3.05, debido a una lectura de dirección salvaje en la función Get16u en el archivoexif.c en causará un fallo de segmentación por medio de un crafted_file It was discovered that Jhead did not properly handle certain crafted Canon images when processing ... • https://github.com/Matthias-Wandel/jhead/issues/17 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28276 – Ubuntu Security Notice USN-6098-1
https://notcve.org/view.php?id=CVE-2021-28276
23 Mar 2022 — A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. Se presenta una vulnerabilidad de denegación de servicio en jhead versiones 3.04 y 3.05, por medio de una lectura de una dirección salvaje en la función ProcessCanonMakerNoteDir en el archivo makernote.c It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue o... • https://github.com/Matthias-Wandel/jhead/issues/1 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-28277 – Gentoo Linux Security Advisory 202210-17
https://notcve.org/view.php?id=CVE-2021-28277
23 Mar 2022 — A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. Se presenta una vulnerabilidad de Desbordamiento del Búfer en la región Heap de la memoria en jhead versiones 3.04 y 3.05, está afectada por: Desbordamiento del búfer por medio de la función RemoveUnknownSections en el archivo jpgfile.c Multiple vulnerabilities have been found in JHead, the worst of which could result in denial of service. Versions less... • https://github.com/Matthias-Wandel/jhead/issues/16 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-26208 – Heap-buffer-overflow in jhead
https://notcve.org/view.php?id=CVE-2020-26208
02 Feb 2022 — JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue. • https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3496 – Ubuntu Security Notice USN-6110-1
https://notcve.org/view.php?id=CVE-2021-3496
22 Apr 2021 — A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. Se encontró un desbordamiento de búfer en la región heap de la memoria en jhead en versión 3.06, en la función Get16u() en el archivo exif.c cuando se procesa un archivo diseñado It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. It was discovered t... • https://bugzilla.redhat.com/show_bug.cgi?id=1949245 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •