CVE-2008-4640

Name of the Vulnerable Software and Affected Versions jhead versions 2.84 and earlier

Description The issue allows local users to delete arbitrary files through specific modifications to the input filename, involving the replacement of a final "z" character with a "t" character or a final "t" character with a "z" character in the DoCommand function.

Recommendations For jhead versions 2.84 and earlier, consider restricting access to the DoCommand function until a patch is available. As a temporary workaround, avoid using the DoCommand function with modified input filenames that could lead to arbitrary file deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.