CVE-2018-6612

Name of the Vulnerable Software and Affected Versions jhead version 3.00

Description The issue is caused by an integer underflow bug in the process EXIF function of the exif.c file, which leads to a heap-based buffer over-read when processing a malicious JPEG file. This may allow a remote attacker to cause a denial-of-service attack or have unspecified other impact.

Recommendations For jhead version 3.00, as a temporary workaround, consider disabling the process EXIF function until a patch is available. Restrict access to the exif.c file to minimize the risk of exploitation. Avoid using jhead to process untrusted JPEG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.