Heap Use-After-Free Vulnerability in jhead by Jhead Project
CVE-2025-44906

7.8HIGH

Key Information:

Vendor: Jhead Project
Status: jhead
Vendor: CVE Published:; 30 May 2025

🔔 Create Jhead Project Vulnerability Alert

What is CVE-2025-44906?

A heap use-after-free vulnerability has been identified in jhead version 3.08, specifically within the ProcessFile function located in jhead.c. This flaw allows an attacker to leverage memory management errors, potentially leading to arbitrary code execution or application crashes. Proper validation and handling of dynamic memory operations are critical in preventing such vulnerabilities from being exploited in systems using jhead.

References

https://github.com/madao123123/crash_report/blob/main/jhe...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
Apr 22, 2025