CVE-2020-6624 (https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744):
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
CVE-2020-6625 (https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746):
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
Both bugs untouched in launchpad. We should fix glsa-202007-17, too, as it's referenced in the CVEs.
https://security.gentoo.org/glsa/202007-17
(In reply to John Helmert III from comment #0)
> CVE-2020-6624 (https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744):
>
> jhead through 3.04 has a heap-based buffer over-read in process_DQT in
> jpgqguess.c.
https://github.com/Matthias-Wandel/jhead/issues/20 maybe??
>
> CVE-2020-6625 (https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746):
>
> jhead through 3.04 has a heap-based buffer over-read in Get32s when called
> from ProcessGpsInfo in gpsinfo.c.
https://github.com/Matthias-Wandel/jhead/issues/17 maybe??
if yes, then fixed in 3.06.0.1
>
> Both bugs untouched in launchpad. We should fix glsa-202007-17, too,
> as it's referenced in the CVEs.
>
> https://security.gentoo.org/glsa/202007-17
CVE-2022-41751 (https://github.com/Matthias-Wandel/jhead/pull/57):
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
This one's definitely patched:
https://github.com/Matthias-Wandel/jhead/commit/ba1da7dce9e8f3269159b57b88ff9688624426d2
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fceaf2a9da27bc153a88c26a17ab13dd98e8d23
commit 9fceaf2a9da27bc153a88c26a17ab13dd98e8d23
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2023-04-07 12:36:28 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2023-04-07 12:36:28 +0000
    media-gfx/jhead: drop 3.04
    Bug: https://bugs.gentoo.org/876247
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
 media-gfx/jhead/Manifest          |  1 -
 media-gfx/jhead/jhead-3.04.ebuild | 24 ------------------------
 2 files changed, 25 deletions(-)
Let's trust Andreas and treat these as fixed in 3.06.0.1.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=70a36362e8053f3760826b4ccce860e94299c700
commit 70a36362e8053f3760826b4ccce860e94299c700
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-06-22 08:28:39 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-22 08:29:13 +0000
    [ GLSA 202406-05 ] JHead: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/876247
    Bug: https://bugs.gentoo.org/879801
    Bug: https://bugs.gentoo.org/908519
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202406-05.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)