Description
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31770
Various Sources x_refsource_confirm
http://www.sentex.net/~mwandel/jhead/changes.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32363
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html
Exploit x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/15/6
Scores
EPSS
0.0173
EPSS Percentile
74.9%
Details
CWE
CWE-119
Status
published
Products (20)
sentex/jhead
1.2
sentex/jhead
1.3
sentex/jhead
1.4
sentex/jhead
1.5
sentex/jhead
1.6
sentex/jhead
1.7
sentex/jhead
1.8
sentex/jhead
1.9
sentex/jhead
2.0
sentex/jhead
2.1
... and 10 more
Published
Oct 15, 2008
Tracked Since
Feb 18, 2026