Vulnerability Details CVE-2008-4575
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/32363
- http://www.openwall.com/lists/oss-security/2008/10/15/6
- http://www.securityfocus.com/bid/31770
- http://www.sentex.net/~mwandel/jhead/changes.txt
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html
- http://secunia.com/advisories/32363
- http://www.openwall.com/lists/oss-security/2008/10/15/6
- http://www.securityfocus.com/bid/31770
- http://www.sentex.net/~mwandel/jhead/changes.txt
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html
Products affected by CVE-2008-4575
-
cpe:2.3:a:sentex:jhead:*
-
cpe:2.3:a:sentex:jhead:1.2
-
cpe:2.3:a:sentex:jhead:1.3
-
cpe:2.3:a:sentex:jhead:1.4
-
cpe:2.3:a:sentex:jhead:1.5
-
cpe:2.3:a:sentex:jhead:1.6
-
cpe:2.3:a:sentex:jhead:1.7
-
cpe:2.3:a:sentex:jhead:1.8
-
cpe:2.3:a:sentex:jhead:1.9
-
cpe:2.3:a:sentex:jhead:2.0
-
cpe:2.3:a:sentex:jhead:2.1
-
cpe:2.3:a:sentex:jhead:2.2
-
cpe:2.3:a:sentex:jhead:2.3
-
cpe:2.3:a:sentex:jhead:2.4
-
cpe:2.3:a:sentex:jhead:2.4-1
-
cpe:2.3:a:sentex:jhead:2.4-2
-
cpe:2.3:a:sentex:jhead:2.5
-
cpe:2.3:a:sentex:jhead:2.6
-
cpe:2.3:a:sentex:jhead:2.7
-
cpe:2.3:a:sentex:jhead:2.8