CVE-2020-28840

Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
matthiaswandeljhead
𝑥
< 3.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jhead
bullseye (security)
unimportant
bullseye
unimportant
bookworm
1:3.06.0.1-6
fixed
sid
1:3.08-2
fixed
trixie
1:3.08-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jhead
noble
not-affected
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820
https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2
https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da
https://github.com/Matthias-Wandel/jhead/issues/8
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820
https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2
https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da
https://github.com/Matthias-Wandel/jhead/issues/8