---

CVE-2021-3496 - log back

CVE-2021-3496 edited at 14 Apr 2021 20:24:13
Description	- A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. + A heap-based buffer overflow was found in jhead before version 3.06.0.1 in Get16u() in exif.c when processing a crafted file.
References	https://bugzilla.redhat.com/show_bug.cgi?id=1949245 https://github.com/Matthias-Wandel/jhead/issues/33 https://github.com/Matthias-Wandel/jhead/files/6300939/jhead_poc.zip + https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0

CVE-2021-3496 edited at 13 Apr 2021 19:16:18
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1949245 + https://github.com/Matthias-Wandel/jhead/issues/33 + https://github.com/Matthias-Wandel/jhead/files/6300939/jhead_poc.zip
Notes

CVE-2021-3496 created at 13 Apr 2021 19:15:24