CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28550
https://notcve.org/view.php?id=CVE-2022-28550
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given. • https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 https://github.com/Matthias-Wandel/jhead/issues/51 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34055
https://notcve.org/view.php?id=CVE-2021-34055
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. jhead 3.06 es vulnerable al desbordamiento del búfer a través de exif.c en la función Put16u. • https://github.com/Matthias-Wandel/jhead/issues/36 https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html https://www.debian.org/security/2022/dsa-5294 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3496
https://notcve.org/view.php?id=CVE-2021-3496
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. Se encontró un desbordamiento de búfer en la región heap de la memoria en jhead en versión 3.06, en la función Get16u() en el archivo exif.c cuando se procesa un archivo diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1949245 https://github.com/Matthias-Wandel/jhead/issues/33 https://security.gentoo.org/glsa/202210-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •