John Dong

#11809of 53,632
23.2Total CVSS
Vulnerabilities · 4
Low
1
Medium
2
High
1
PT-2008-5852
4.6
2008-10-21
Murray Brown · Jhead · CVE-2008-4639
**Name of the Vulnerable Software and Affected Versions** jhead versions 2.84 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file in jhead.c. **Recommendations** For versions 2.84 and earlier, consider updating to a newer version that contains a fix for this issue, or as a temporary workaround, restrict access to temporary files created by jhead to minimize the risk of exploitation.
PT-2008-5853
3.6
2008-10-21
Jhead · Jhead · CVE-2008-4640
**Name of the Vulnerable Software and Affected Versions** jhead versions 2.84 and earlier **Description** The issue allows local users to delete arbitrary files through specific modifications to the input filename, involving the replacement of a final "z" character with a "t" character or a final "t" character with a "z" character in the `DoCommand` function. **Recommendations** For jhead versions 2.84 and earlier, consider restricting access to the `DoCommand` function until a patch is available. As a temporary workaround, avoid using the `DoCommand` function with modified input filenames that could lead to arbitrary file deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2008-5854
10
2008-10-21
Matsushita · Jhead · CVE-2008-4641
**Name of the Vulnerable Software and Affected Versions** jhead versions 2.84 and earlier **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in unspecified input, due to a problem in the DoCommand function in jhead.c. **Recommendations** For jhead versions 2.84 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2008-5794
5.0
2008-10-15
Matthew Petroff · Jhead · CVE-2008-4575
**Name of the Vulnerable Software and Affected Versions** jhead versions prior to 2.84 **Description** A buffer overflow issue exists in the DoCommand function, potentially allowing attackers to cause a denial of service (crash) via a long -cmd argument and other unspecified vectors related to string overflows. **Recommendations** For versions prior to 2.84, update to version 2.84 or later to resolve the issue.