Mageia: 2021-0328 Moderate: Jhead Heap Over-Read Security Advisory

July 10, 2021

Summary

Updated jhead package fixes security vulnerabilities:
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c (CVE-2020-6624).
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c (CVE-2020-6625).
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file (CVE-2021-3496).

References

- https://bugs.mageia.org/show_bug.cgi?id=29053

- https://www.cve.org/CVERecord?id=CVE-2020-6624

- https://www.cve.org/CVERecord?id=CVE-2020-6625

- https://www.cve.org/CVERecord?id=CVE-2021-3496

Resolution

SRPMS

- 8/core/jhead-3.06.0.1-1.mga8

- 7/core/jhead-3.06.0.1-1.mga7

Publication date: 10 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0328.html
Type: security
CVE: CVE-2020-6624, CVE-2020-6625, CVE-2021-3496
