Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2022-28550

Disclosure Date: June 13, 2023 (last updated October 08, 2023)
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-34055

Disclosure Date: November 04, 2022 (last updated February 24, 2025)
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-41751

Disclosure Date: October 17, 2022 (last updated February 24, 2025)
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-3496

Disclosure Date: April 22, 2021 (last updated February 22, 2025)
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0