Denial-of-Service Vulnerability in jhead Product by P. J. H. W. R. S.
CVE-2018-16554

7.8HIGH

Key Information:

Vendor

Jhead Project

Status
Jhead
Vendor
CVE Published:
16 September 2018

What is CVE-2018-16554?

The ProcessGpsInfo function in the gpsinfo.c file of jhead version 3.00 contains a vulnerability that enables a remote attacker to induce a denial-of-service condition. This can be exploited through a specially crafted JPEG file, which triggers an inconsistency between float and double data types when handling TAG_GPS_ALT in the sprintf function. This inconsistency can lead to unexpected behavior and potential crashes of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more
x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/12/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.