Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Ubuntu 22.10: 7205-3 Moderate: Jhead Vulnerability Exploit Risk

ubuntu
Calendar Grey May 25, 2023
Dist Ubuntu Esm H88
Debian Security Announcement DSA-5098-1 outlines vulnerabilities in the XYZ software that could enable system instability or unauthorized command execution via manipulated files.
Jhead could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

Jhead could be made to crash or run programs as your login if it

opened a specially crafted file.

Software Description:

- jhead: Manipulate the non-image part of Exif compliant JPEG files

Details:

It was discovered that Jhead did not properly handle certain crafted images

while rotating them. An attacker could possibly use this issue to crash Jhead,

resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted

images while regenerating the Exif thumbnail. An attacker could possibly use

this issue to execute arbitrary commands. (CVE-2022-41751)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   jhead                           1:3.06.0.1-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   jhead                           1:3.06.0.1-2ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   jhead                           1:3.04-1ubuntu0.2

Ubuntu 18.04 LTS:
   jhead                           1:3.00-8~ubuntu0.2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6108-1

CVE-2021-34055, CVE-2022-41751

May 25, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.