CVE-2018-6612

NameCVE-2018-6612
DescriptionAn integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs889272

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
jhead (PTS)jessie, jessie (lts)1:2.97-1+deb8u2vulnerable
stretch1:3.00-4+deb9u1vulnerable
buster1:3.00-8fixed
buster (security)1:3.00-8+deb10u1fixed
bullseye (security), bullseye1:3.04-6+deb11u1fixed
bookworm1:3.06.0.1-6fixed
sid, trixie1:3.08-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
jheadsource(unstable)1:3.00-6unimportant889272

Notes

https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
Crash in CLI tool, no security impact

Search for package or bug name: Reporting problems