Matthias-Wandel/jhead

GitHub

github.com

Releases2

Frequency2 years 1 month

Last Release about 3 years ago

Stars256

Command line program to display and manipupate Exif headers of jpeg files, written in C

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-2824 ↗	Mar 22, 2024Friday, 22 March 2024, 18:15	6.3 MEDIUM	7.5 HIGH
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.
CVE-2020-28840 ↗	Aug 11, 2023Friday, 11 August 2023, 14:15	7.8 HIGH	—
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
CVE-2022-28550 ↗	Jun 13, 2023Tuesday, 13 June 2023, 20:15	9.8 CRITICAL	—
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
CVE-2021-34055 ↗	Nov 4, 2022Friday, 4 November 2022, 17:15	7.8 HIGH	—
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
CVE-2022-41751 ↗	Oct 17, 2022Monday, 17 October 2022, 18:15	7.8 HIGH	—
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
CVE-2021-28275 ↗	Mar 23, 2022Wednesday, 23 March 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.
CVE-2021-28276 ↗	Mar 23, 2022Wednesday, 23 March 2022, 21:15	7.5 HIGH	5 MEDIUM
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.
CVE-2021-28277 ↗	Mar 23, 2022Wednesday, 23 March 2022, 21:15	7.8 HIGH	6.8 MEDIUM
A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.
CVE-2021-28278 ↗	Mar 23, 2022Wednesday, 23 March 2022, 21:15	7.8 HIGH	6.8 MEDIUM
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
CVE-2020-26208 ↗	Feb 2, 2022Wednesday, 2 February 2022, 12:15	5.3 MEDIUM	5.8 MEDIUM
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
CVE-2021-3496 ↗	Apr 22, 2021Thursday, 22 April 2021, 19:15	7.8 HIGH	6.8 MEDIUM
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.