UbuntuUpdates.org

Package "jhead"

Name: jhead

Description:

manipulate the non-image part of Exif compliant JPEG files

Latest version: 1:3.06.0.1-2ubuntu0.22.04.1
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: https://www.sentex.net/~mwandel/jhead/

Other versions of "jhead" in Jammy

Repository  Area      Version
base        universe  1:3.06.0.1-2
updates     universe  1:3.06.0.1-2ubuntu0.22.04.1

Changelog

Version: 1:3.06.0.1-2ubuntu0.22.04.1 2023-05-25 08:07:08 UTC

  jhead (1:3.06.0.1-2ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow while rotating an image
    - debian/patches/CVE-2021-34055.patch: If a read EXIF section in
      jpgfile.c, then discard it.
    - CVE-2021-34055
  * SECURITY UPDATE: code execution when regenerating the Exif thumbnail
    - debian/patches/CVE-2022-41751.patch: Adds a check in jhead.c for
      dangerous characters in filenames.
    - CVE-2022-41751

 -- George-Andrei Iosif <email address hidden> Wed, 24 May 2023 14:13:36 +0300

CVE-2021-34055 jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.


