5.5

CVE-2019-1010301

Exploit
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jhead ProjectJhead Version3.03
FedoraprojectFedora Version29
FedoraprojectFedora Version30
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.21% 0.645
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html
Third Party Advisory
Mailing List
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=1679952
Third Party Advisory
Exploit
Issue Tracking
https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo
Patch
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ/
https://security.gentoo.org/glsa/202007-17
Third Party Advisory