Vulnerability Details CVE-2020-26208
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.8
References
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821
- https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
- https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc
- https://github.com/Matthias-Wandel/jhead/issues/7
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821
- https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
- https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc
- https://github.com/Matthias-Wandel/jhead/issues/7
Products affected by CVE-2020-26208
-
cpe:2.3:a:jhead_project:jhead:1.2
-
cpe:2.3:a:jhead_project:jhead:1.3
-
cpe:2.3:a:jhead_project:jhead:1.4
-
cpe:2.3:a:jhead_project:jhead:1.5
-
cpe:2.3:a:jhead_project:jhead:1.6
-
cpe:2.3:a:jhead_project:jhead:1.7
-
cpe:2.3:a:jhead_project:jhead:1.8
-
cpe:2.3:a:jhead_project:jhead:1.9
-
cpe:2.3:a:jhead_project:jhead:2.0
-
cpe:2.3:a:jhead_project:jhead:2.1
-
cpe:2.3:a:jhead_project:jhead:2.2
-
cpe:2.3:a:jhead_project:jhead:2.3
-
cpe:2.3:a:jhead_project:jhead:2.4
-
cpe:2.3:a:jhead_project:jhead:2.4-1
-
cpe:2.3:a:jhead_project:jhead:2.4-2
-
cpe:2.3:a:jhead_project:jhead:2.5
-
cpe:2.3:a:jhead_project:jhead:2.6
-
cpe:2.3:a:jhead_project:jhead:2.7
-
cpe:2.3:a:jhead_project:jhead:2.8
-
cpe:2.3:a:jhead_project:jhead:2.82
-
cpe:2.3:a:jhead_project:jhead:2.84
-
cpe:2.3:a:jhead_project:jhead:2.86
-
cpe:2.3:a:jhead_project:jhead:2.87
-
cpe:2.3:a:jhead_project:jhead:2.88
-
cpe:2.3:a:jhead_project:jhead:2.90
-
cpe:2.3:a:jhead_project:jhead:2.93
-
cpe:2.3:a:jhead_project:jhead:2.94
-
cpe:2.3:a:jhead_project:jhead:2.95
-
cpe:2.3:a:jhead_project:jhead:2.96
-
cpe:2.3:a:jhead_project:jhead:2.97
-
cpe:2.3:a:jhead_project:jhead:3.0
-
cpe:2.3:a:jhead_project:jhead:3.02
-
cpe:2.3:a:jhead_project:jhead:3.03