PT-2016-2563 · Matthew Petroff+2 · Jhead+2
Marco Nelissen
·
Published
2016-08-05
·
Updated
2024-06-15
·
CVE-2016-3822
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
jhead versions 2.87
Android versions 4.x through 4.4.3
Android versions 5.0.x through 5.0.1
Android versions 5.1.x through 5.1.0
Android versions 6.x before 2016-08-01
Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data. This is due to a buffer overflow in the exif.c file of the jhead tool, which is used in the libjhead library in Android.
Recommendations
For jhead version 2.87, update to a newer version to mitigate the risk.
For Android versions 4.x through 4.4.3, update to version 4.4.4 or later.
For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later.
For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.
For Android versions 6.x before 2016-08-01, update to a version released on or after 2016-08-01.
Fix
RCE
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Suse
Jhead