Advisories » MGASA-2018-0146

Updated jhead package fixes security vulnerability

Publication date: 26 Feb 2018
Modification date: 26 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6612

Description

Updated jhead package fixes security vulnerability:

An integer underflow bug in the process_EXIF function of the exif.c file of
jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG
file, which may allow a remote attacker to cause a denial-of-service attack or
unspecified other impact (CVE-2018-6612).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22565
• https://lists.opensuse.org/opensuse-updates/2018-02/msg00037.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612

SRPMS

6/core

• jhead-3.00-3.1.mga6