Jhead Project Jhead 3.03

CPE Details

Jhead Project Jhead 3.03
jhead_project
jhead
3.03
2019-07-16
10h06 +00:00
2019-07-16
10h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jhead_project:jhead:3.03:*:*:*:*:*:*:*

Informations

Vendor

jhead_project

Product

jhead

Version

3.03

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-26208 2022-02-02 11h51 +00:00 JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
6.1
Medium
CVE-2020-6624 2020-01-08 23h00 +00:00 jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
7.1
High
CVE-2020-6625 2020-01-08 23h00 +00:00 jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
7.1
High
CVE-2019-19035 2019-11-17 14h52 +00:00 jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
5.5
Medium
CVE-2019-1010301 2019-07-15 15h10 +00:00 jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
5.5
Medium
CVE-2019-1010302 2019-07-15 15h07 +00:00 jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.