Vulnerabilities > Jhead Project

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2020-6624 Out-of-bounds Read vulnerability in Jhead Project Jhead
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
local
low complexity
jhead-project CWE-125
7.1
2019-11-17 CVE-2019-19035 Out-of-bounds Read vulnerability in Jhead Project Jhead 3.03
jhead 3.03 is affected by: heap-based buffer over-read.
local
low complexity
jhead-project CWE-125
5.5
2019-07-15 CVE-2019-1010302 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
jhead 3.03 is affected by: Incorrect Access Control.
local
low complexity
jhead-project fedoraproject debian CWE-119
5.5
2019-07-15 CVE-2019-1010301 Out-of-bounds Write vulnerability in multiple products
jhead 3.03 is affected by: Buffer Overflow.
local
low complexity
jhead-project fedoraproject debian CWE-787
5.5
2018-09-16 CVE-2018-17088 Integer Overflow or Wraparound vulnerability in Jhead Project Jhead 3.00
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length.
local
low complexity
jhead-project CWE-190
7.8
2018-09-16 CVE-2018-16554 Use of Externally-Controlled Format String vulnerability in Jhead Project Jhead 3.00
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
local
low complexity
jhead-project CWE-134
7.8
2018-02-04 CVE-2018-6612 Integer Underflow (Wrap or Wraparound) vulnerability in Jhead Project Jhead 3.0
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
local
low complexity
jhead-project CWE-191
5.5