CVE-2021-3496
HIGH
jhead 3.06 - Heap-Based Buffer Overflow in Get16u Function
A heap-based buffer overflow was found in jhead version 3.06, in Get16u() in exif.c, when processing a crafted file.
References (3)
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-17
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1949245
Exploit, Patch, Third Party Advisory
https://github.com/Matthias-Wandel/jhead/issues/33
Scores
CVSS v3
7.8
EPSS
0.0106
EPSS Percentile
60.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (1)
jhead_project/jhead
3.06
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026