Candidate: CVE-2018-6612
PublicDate: 2018-02-04 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612
 https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272
 https://launchpad.net/ubuntu/+source/jhead/1:3.00-6
Description:
 An integer underflow bug in the process_EXIF function of the exif.c file of
 jhead 3.00 raises a heap-based buffer over-read when processing a malicious
 JPEG file, which may allow a remote attacker to cause a denial-of-service
 attack or unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_jhead:
upstream_jhead: released (1:3.00-6)
precise/esm_jhead: DNE
trusty_jhead: ignored (reached end-of-life)
trusty/esm_jhead: DNE (trusty was needs-triage)
xenial_jhead: ignored (end of standard support, was needs-triage)
artful_jhead: ignored (reached end-of-life)
bionic_jhead: not-affected (1:3.00-6)
cosmic_jhead: not-affected (1:3.00-6)
disco_jhead: not-affected (1:3.00-6)
eoan_jhead: not-affected (1:3.00-6)
focal_jhead: not-affected (1:3.00-6)
groovy_jhead: not-affected (1:3.00-6)
hirsute_jhead: not-affected (1:3.00-6)
impish_jhead: not-affected (1:3.00-6)
jammy_jhead: not-affected (1:3.00-6)
devel_jhead: not-affected (1:3.00-6)