CVE-2020-6625

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
Severity
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Atk. Vector
LOCAL
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
jhead_projectjhead
𝑥
≤ 3.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jhead
bullseye (security)
vulnerable
bullseye
vulnerable
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jhead
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
ignored
hirsute
ignored
groovy
ignored
focal
Fixed 1:3.04-1ubuntu0.1
released
eoan
ignored
disco
ignored
bionic
Fixed 1:3.00-8~ubuntu0.1
released
xenial
Fixed 1:3.00-4+deb9u1ubuntu0.1~esm1
released
trusty
Fixed 1:2.97-1+deb8u2ubuntu0.1~esm1
released