Jhead Project Jhead 3.0

CPE Details

Jhead Project Jhead 3.0
jhead_project
jhead
3.0
2020-03-11
12h18 +00:00
2020-03-11
12h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jhead_project:jhead:3.0:*:*:*:*:*:*:*

Informations

Vendor

jhead_project

Product

jhead

Version

3.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-26208 2022-02-02 11h51 +00:00 JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
6.1
Medium
CVE-2020-6624 2020-01-08 23h00 +00:00 jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
7.1
High
CVE-2020-6625 2020-01-08 23h00 +00:00 jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
7.1
High
CVE-2018-6612 2018-02-04 15h00 +00:00 An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.