CVE-2008-4641

jhead < 2.84 - OS Command Injection via Shell Metacharacters in DoCommand

Title source: llm
STIX 2.1

Description

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31921
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/15/5
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/26/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/16/3
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/15/6

Scores

EPSS 0.0220
EPSS Percentile 80.4%

Details

CWE
CWE-20
Status published
Products (20)
sentex/jhead 1.2
sentex/jhead 1.3
sentex/jhead 1.4
sentex/jhead 1.5
sentex/jhead 1.6
sentex/jhead 1.7
sentex/jhead 1.8
sentex/jhead 1.9
sentex/jhead 2.0
sentex/jhead 2.1
... and 10 more
Published Oct 21, 2008
Tracked Since Feb 18, 2026