Explore top 10 tips to secure your open-source projects now. Read More
×
Jhead could be made to crash if it opened a specially crafted
file.
Software Description:
- jhead: Manipulate the non-image part of Exif compliant JPEG files
Details:
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)
It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)
It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)
Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: jhead 1:3.06.0.1-6ubuntu0.23.04.1 Ubuntu 22.10: jhead 1:3.06.0.1-2ubuntu0.22.10.2 Ubuntu 22.04 LTS (Available with Ubuntu Pro): jhead 1:3.06.0.1-2ubuntu0.22.04.1+esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): jhead 1:3.04-1ubuntu0.2+esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): jhead 1:3.00-8~ubuntu0.2+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): jhead 1:3.00-4+deb9u1ubuntu0.1~esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): jhead 1:2.97-1+deb8u2ubuntu0.1~esm3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6110-1
CVE-2021-28275, CVE-2021-28277, CVE-2021-3496, https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/2020068
Get the latest Linux and open source security news straight to your inbox.