PT-2022-9883 · Jhead+4 · Jhead+4
Giantbranch
·
Published
2021-04-26
·
Updated
2023-05-29
·
CVE-2021-28275
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
jhead versions 3.04 through 3.05
Description
A Denial of Service issue exists due to a wild address read in the
Get16u function in exif.c, which can cause a segmentation fault via a crafted file.Recommendations
For jhead version 3.04, update to a version that fixes the issue in the
Get16u function.
For jhead version 3.05, update to a version that fixes the issue in the Get16u function.
As a temporary workaround, consider restricting access to the exif.c file or the Get16u function until a patch is available.Exploit
Fix
DoS
Incorrect Type Conversion or Cast
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Ubuntu
Jhead