CVE-2024-2824

Published: Mar 22, 2024Modified: Nov 21, 2024

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: CNA (Secondary)

Description

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (8)

https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip

Source: cna@vuldb.com

https://github.com/Matthias-Wandel/jhead/issues/84

Source: cna@vuldb.com

https://vuldb.com/?ctiid.257711

Source: cna@vuldb.com

https://vuldb.com/?id.257711

Source: cna@vuldb.com

https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/Matthias-Wandel/jhead/issues/84

Source: af854a3a-2127-422b-91ae-364da2661108

https://vuldb.com/?ctiid.257711

Source: af854a3a-2127-422b-91ae-364da2661108

https://vuldb.com/?id.257711

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.