Vulnerabilities > CVE-2020-26208 - Out-of-bounds Write vulnerability in Jhead Project Jhead

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

jhead-project

CWE-787

NVD

Published: 2022-02-02

Updated: 2022-02-07

Summary

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Jhead_Project Jhead Project Jhead 1.2 Jhead Project Jhead 1.3 Jhead Project Jhead 1.4 Jhead Project Jhead 1.5 Jhead Project Jhead 1.6 Jhead Project Jhead 1.7 Jhead Project Jhead 1.8 Jhead Project Jhead 1.9 Jhead Project Jhead 2.0 Jhead Project Jhead 2.1 Jhead Project Jhead 2.2 Jhead Project Jhead 2.3 Jhead Project Jhead 2.4 Jhead Project Jhead 2.4-1 Jhead Project Jhead 2.4-2 Jhead Project Jhead 2.5 Jhead Project Jhead 2.6 Jhead Project Jhead 2.7 Jhead Project Jhead 2.8 Jhead Project Jhead 2.82 Jhead Project Jhead 2.84 Jhead Project Jhead 2.86 Jhead Project Jhead 2.87 Jhead Project Jhead 2.88 Jhead Project Jhead 2.90 Jhead Project Jhead 2.93 Jhead Project Jhead 2.94 Jhead Project Jhead 2.95 Jhead Project Jhead 2.96 Jhead Project Jhead 2.97 Jhead Project Jhead 3.0 Jhead Project Jhead 3.02 Jhead Project Jhead 3.03	33

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References