PT-2016-2563 · Matthew Petroff+2 · Jhead+2

Marco Nelissen

Publicado

2016-08-05

Atualizado

2024-06-15

CVE-2016-3822

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions jhead versions 2.87 Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-08-01

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data. This is due to a buffer overflow in the exif.c file of the jhead tool, which is used in the libjhead library in Android.

Recommendations For jhead version 2.87, update to a newer version to mitigate the risk. For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-08-01, update to a version released on or after 2016-08-01.

Correção

RCE

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2016-01955

CVE-2016-3822

DLA-864-1

DSA-3825-1

MGASA-2017-0105

OPENSUSE-SU-2018_2827-1

OPENSUSE-SU-2021:0743-1

OPENSUSE-SU-2021:0752-1

OPENSUSE-SU-2021_0743-1

OPENSUSE-SU-2024:10880-1

Produtos afetados

Android

Suse

Jhead

PT-2016-2563 · Matthew Petroff+2 · Jhead+2

CVE-2016-3822

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36