CVE-2018-6612

Published: Feb 4, 2018Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

Affected (1)

Products: Jhead Project: Jhead

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jhead Project Jhead	Version 3.0

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (4)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272

Source: cve@mitre.org

Third Party Advisory

https://launchpad.net/ubuntu/+source/jhead/1:3.00-6

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://launchpad.net/ubuntu/+source/jhead/1:3.00-6

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.