Package "jhead"
Name: |
jhead
|
Description: |
manipulate the non-image part of Exif compliant JPEG files
|
Latest version: |
1:3.00-8~ubuntu0.2 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
universe |
Homepage: |
http://www.sentex.net/~mwandel/jhead/ |
Links
Download "jhead"
Other versions of "jhead" in Bionic
Changelog
jhead (1:3.00-8~ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow while rotating an image
- debian/patches/CVE-2021-34055.patch: If a read EXIF section in
jpgfile.c, then discard it.
- CVE-2021-34055
* SECURITY UPDATE: code execution when regenerating the Exif thumbnail
- debian/patches/CVE-2022-41751.patch: Adds a check in jhead.c for
dangerous characters in filenames.
- CVE-2022-41751
-- George-Andrei Iosif <email address hidden> Wed, 24 May 2023 14:04:08 +0300
|
Source diff to previous version |
CVE-2021-34055 |
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u. |
CVE-2022-41751 |
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. |
|
jhead (1:3.00-8~ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: heap out-of-bounds read when processing the JFIF markers
- debian/patches/CVE-2019-19035.patch: Adds verifications in jpgfile.c. The
number of sections should be greater than 7. The JFIF header should exist
before verifying its magic bytes.
- CVE-2019-19035
* SECURITY UPDATE: stack buffer overflow when processing longitude tags
- debian/patches/CVE-2019-1010301.patch: Replaces a call to sprintf with
one to snprinf in gpsinfo.c.
- CVE-2019-1010301
* SECURITY UPDATE: heap buffer overflow when processing IPTC data
- debian/patches/CVE-2019-1010302.patch: Ensures the length of IPTC data is
strictly positive in iptc.c.
- CVE-2019-1010302
* SECURITY UPDATE: heap buffer overflow when processing the DQT markers
- debian/patches/CVE-2020-6624.patch: Adds further DQT verifications in
jpgqguess.c.
- CVE-2020-6624
* SECURITY UPDATE: heap out-of-bounds read when processing longitude tags
- debian/patches/CVE-2020-6625.patch: Adds further verifications in
gpsinfo.c.
- CVE-2020-6625
* SECURITY UPDATE: heap buffer overflow when reading JPEG sections
- debian/patches/CVE-2020-26208.patch: Allocates additional 20 bytes in
jpgfile.c.
- CVE-2020-26208
* SECURITY UPDATE: heap out-of-bounds read when processing Canon images
- debian/patches/CVE-2021-28276_28278.patch: Adds further verifications in
makernote.c.
- CVE-2021-28276
* SECURITY UPDATE: heap buffer overflow when removing a certain type of
section
- debian/patches/CVE-2021-28276_28278.patch: Adds further verifications
while processing nested EXIF directories in exif.c.
- CVE-2021-28278
-- George-Andrei Iosif <email address hidden> Tue, 16 May 2023 11:57:25 +0300
|
Source diff to previous version |
CVE-2019-19035 |
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgf |
CVE-2019-1010301 |
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vecto |
CVE-2019-1010302 |
jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vect |
CVE-2020-6624 |
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. |
CVE-2020-6625 |
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. |
CVE-2020-26208 |
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affecte |
CVE-2021-28276 |
A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. |
CVE-2021-28278 |
A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. |
|
jhead (1:3.00-8~build0.18.04.1) bionic-security; urgency=medium
* fake sync from Debian
|
About
-
Send Feedback to @ubuntu_updates