Vulnerabilities > Jhead Project > Jhead > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-28275 | Incorrect Type Conversion or Cast vulnerability in Jhead Project Jhead 3.04/3.05 A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. | 5.5 |
| 2022-02-02 | CVE-2020-26208 | Out-of-bounds Write vulnerability in Jhead Project Jhead JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. | 5.8 |
| 2019-11-17 | CVE-2019-19035 | Out-of-bounds Read vulnerability in Jhead Project Jhead 3.03 jhead 3.03 is affected by: heap-based buffer over-read. | 5.5 |
| 2019-07-15 | CVE-2019-1010302 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products jhead 3.03 is affected by: Incorrect Access Control. | 5.5 |
| 2019-07-15 | CVE-2019-1010301 | Out-of-bounds Write vulnerability in multiple products jhead 3.03 is affected by: Buffer Overflow. | 5.5 |
| 2018-09-16 | CVE-2018-17088 | Integer Overflow or Wraparound vulnerability in Jhead Project Jhead 3.00 The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. | 6.8 |
| 2018-09-16 | CVE-2018-16554 | Use of Externally-Controlled Format String vulnerability in Jhead Project Jhead 3.00 The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling. | 6.8 |
| 2018-02-04 | CVE-2018-6612 | Integer Underflow (Wrap or Wraparound) vulnerability in Jhead Project Jhead 3.0 An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | 4.3 |