Matthew Mccormick · Jhead · CVE-2019-1010302
Name of the Vulnerable Software and Affected Versions:
jhead version 3.03
Description:
The issue is classified as incorrect access control and can lead to a denial of service. It is triggered when the victim opens a specially crafted JPEG file, and it affects the iptc.c component, specifically the show_IPTC() function at line 122.
Recommendations:
For jhead version 3.03, as a temporary workaround, consider avoiding the use of the show_IPTC() function in the iptc.c component until a patch is available. Restrict jhead's exposure to specially crafted JPEG files to minimize the risk of exploitation.