PT-2018-17670 · Jhead+3 · Jhead+3
Joonun Jang
·
Published
2018-02-04
·
Updated
2024-06-15
·
CVE-2018-6612
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
jhead version 3.00
Description
The issue is caused by an integer underflow bug in the
process EXIF function of the exif.c file, which leads to a heap-based buffer over-read when processing a malicious JPEG file. This may allow a remote attacker to cause a denial-of-service attack or have unspecified other impact.Recommendations
For jhead version 3.00, as a temporary workaround, consider disabling the
process EXIF function until a patch is available. Restrict access to the exif.c file to minimize the risk of exploitation. Avoid using jhead to process untrusted JPEG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.DoS
Integer Underflow
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Jhead