CVE-2021-34055
Debian Security Advisory 5294-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
jhead 3.06 es vulnerable al desbordamiento del búfer a través de exif.c en la función Put16u.
It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-07 CVE Reserved
- 2022-11-04 CVE Published
- 2025-05-02 CVE Updated
- 2025-05-02 First Exploit
- 2025-05-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Matthias-Wandel/jhead/issues/36 | 2025-05-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2022/dsa-5294 | 2023-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jhead Project Search vendor "Jhead Project" | Jhead Search vendor "Jhead Project" for product "Jhead" | 3.06 Search vendor "Jhead Project" for product "Jhead" and version "3.06" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||