CVE-2024-2824

EUVD-2024-27768
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jhead_projectjhead
3.8
ADP
Debian logo
Debian Releases
Debian Product
Codename
jhead
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jhead
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip
https://github.com/Matthias-Wandel/jhead/issues/84
https://vuldb.com/?ctiid.257711
https://vuldb.com/?id.257711
https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip
https://github.com/Matthias-Wandel/jhead/issues/84
https://vuldb.com/?ctiid.257711
https://vuldb.com/?id.257711