CVE-2019-1010302

Published: Jul 15, 2019Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

Affected (4)

Products: Jhead Project: Jhead · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jhead Project Jhead	Version 3.03

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=1679978

Source: josh@bress.net

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html

Source: josh@bress.net

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/

Source: josh@bress.net

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTGUHTJTQ6EKEPDXFSKZKVLUJC4UAPBQ/

Source: josh@bress.net

https://security.gentoo.org/glsa/202007-17

Source: josh@bress.net

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1679978