jhead is vulnerable to arbitrary code execution. A heap-based buffer overflow in Get16u()
in exif.c
allows an attacker to execute arbitrary code on the host OS via a malicious file.
CPE | Name | Operator | Version |
---|---|---|---|
jhead:sid | eq | 1:3.04-4 | |
jhead:bullseye | eq | 1:3.04-4 | |
jhead:bullseye | eq | 1:3.04-5 | |
jhead:sid | eq | 1:3.04-4 | |
jhead:bullseye | eq | 1:3.04-4 | |
jhead:bullseye | eq | 1:3.04-5 |