Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
References
| Link | Resource |
|---|---|
| https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 | Patch |
| https://github.com/Matthias-Wandel/jhead/issues/51 | Exploit Issue Tracking Patch Third Party Advisory |
| https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 | Patch |
| https://github.com/Matthias-Wandel/jhead/issues/51 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:57
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 - Patch | |
| References | () https://github.com/Matthias-Wandel/jhead/issues/51 - Exploit, Issue Tracking, Patch, Third Party Advisory |
23 Jun 2023, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Jhead Project jhead
Jhead Project |
|
| CWE | CWE-787 | |
| CPE | cpe:2.3:a:jhead_project:jhead:3.06:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (MISC) https://github.com/Matthias-Wandel/jhead/issues/51 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
| References | (MISC) https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 - Patch |
13 Jun 2023, 21:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-13 20:15
Updated : 2024-11-21 06:57
NVD link : CVE-2022-28550
Mitre link : CVE-2022-28550
CVE.ORG link : CVE-2022-28550
JSON object : View
Products Affected
jhead_project
- jhead
CWE
CWE-787
Out-of-bounds Write