Jhead Jheadproject Jhead

Do you want an email whenever new security vulnerabilities are reported in Jheadproject Jhead?

By the Year

In 2024 there have been 0 vulnerabilities in Jheadproject Jhead . Last year Jhead had 1 security vulnerability published. Right now, Jhead is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 9.80
2022 7 7.19
2021 1 7.80
2020 2 7.10
2019 3 5.50
2018 3 7.03

It may take a day or so for new Jhead vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jheadproject Jhead Security Vulnerabilities

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead

CVE-2022-28550 9.8 - Critical - June 13, 2023

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.

Memory Corruption

jhead 3.06 is vulnerable to Buffer Overflow

CVE-2021-34055 7.8 - High - November 04, 2022

jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.

Classic Buffer Overflow

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

CVE-2022-41751 7.8 - High - October 17, 2022

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.

Shell injection

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault

CVE-2021-28275 5.5 - Medium - March 23, 2022

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.

Incorrect Type Conversion or Cast

A Denial of Service vulnerability exists in jhead 3.04 and 3.05

CVE-2021-28276 7.5 - High - March 23, 2022

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.

A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow

CVE-2021-28277 7.8 - High - March 23, 2022

A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c.

Memory Corruption

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05

CVE-2021-28278 7.8 - High - March 23, 2022

A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.

Memory Corruption

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras

CVE-2020-26208 6.1 - Medium - February 02, 2022

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.

Memory Corruption

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.

CVE-2021-3496 7.8 - High - April 22, 2021

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.

Memory Corruption

jhead through 3.04 has a heap-based buffer over-read in Get32s when called

CVE-2020-6625 7.1 - High - January 09, 2020

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

Out-of-bounds Read

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

CVE-2020-6624 7.1 - High - January 09, 2020

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

Out-of-bounds Read

jhead 3.03 is affected by: heap-based buffer over-read

CVE-2019-19035 5.5 - Medium - November 17, 2019

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.

Out-of-bounds Read

jhead 3.03 is affected by: Incorrect Access Control

CVE-2019-1010302 5.5 - Medium - July 15, 2019

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

Buffer Overflow

jhead 3.03 is affected by: Buffer Overflow

CVE-2019-1010301 5.5 - Medium - July 15, 2019

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

Memory Corruption

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may

CVE-2018-17088 7.8 - High - September 16, 2018

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.

Integer Overflow or Wraparound

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may

CVE-2018-16554 7.8 - High - September 16, 2018

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.

Use of Externally-Controlled Format String

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may

CVE-2018-6612 5.5 - Medium - February 04, 2018

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jheadproject Jhead or by Jheadproject? Click the Watch button to subscribe.

subscribe