CVE-2019-1010301

Published: Jul 15, 2019Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

Affected (4)

Products: Jhead Project: Jhead · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jhead Project Jhead	Version 3.03

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (14)

https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251

Source: josh@bress.net

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1679952

Source: josh@bress.net

ExploitIssue TrackingThird Party Advisory

https://launchpadlibrarian.net/435112680/32_crash_in_gpsinfo

Source: josh@bress.net

Mailing ListPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html

Source: josh@bress.net

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/

Source: josh@bress.net

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ/

Source: josh@bress.net

https://security.gentoo.org/glsa/202007-17

Source: josh@bress.net

Third Party Advisory

https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251