Candidate: CVE-2019-1010301
PublicDate: 2019-07-15 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010301
 https://bugzilla.redhat.com/show_bug.cgi?id=1679952
Description:
 jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of
 service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack
 vector is: Open a specially crafted JPEG file.
Ubuntu-Description:
 It was discovered that jhead did not properly handle certain crafted input. If
 a user were tricked into opening a malicious JPEG file, a remote attacker could
 cause jhead to crash.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_jhead:
upstream_jhead: needs-triage
precise/esm_jhead: DNE
trusty_jhead: ignored (out of standard support)
trusty/esm_jhead: DNE
xenial_jhead: ignored (end of standard support, was needed)
bionic_jhead: needed
cosmic_jhead: ignored (reached end-of-life)
disco_jhead: ignored (reached end-of-life)
eoan_jhead: not-affected (1:3.03-2)
focal_jhead: not-affected (1:3.03-2)
groovy_jhead: not-affected (1:3.03-2)
hirsute_jhead: not-affected (1:3.03-2)
impish_jhead: not-affected (1:3.03-2)
jammy_jhead: not-affected (1:3.03-2)
devel_jhead: not-affected (1:3.03-2)