CVE-2019-1010301 - jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsi

CVE-2019-1010301

Summary

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

References

Vulnerable Configurations

cpe:2.3:a:jhead_project:jhead:3.03:*:*:*:*:*:*:*
cpe:2.3:a:jhead_project:jhead:3.03:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 26-04-2022 - 20:17)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251
fedora	FEDORA-2019-17b95fecd3 FEDORA-2019-441c2fb0d1
gentoo	GLSA-202007-17
misc	https://bugzilla.redhat.com/show_bug.cgi?id=1679952 https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo
mlist	[debian-lts-announce] 20191231 [SECURITY] [DLA 2054-1] jhead security update

Last major update

26-04-2022 - 20:17

Published

15-07-2019 - 18:15

Last modified

26-04-2022 - 20:17