CVE-2021-3496 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	A heap-based buffer overflow was found in jhead before version 3.06.0.1 in Get16u() in exif.c when processing a crafted file.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1815	jhead	3.04-1	3.06.0.1-1	Medium	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1949245 https://github.com/Matthias-Wandel/jhead/issues/33 https://github.com/Matthias-Wandel/jhead/files/6300939/jhead_poc.zip https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0

References

https://bugzilla.redhat.com/show_bug.cgi?id=1949245
https://github.com/Matthias-Wandel/jhead/issues/33
https://github.com/Matthias-Wandel/jhead/files/6300939/jhead_poc.zip
https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0