Advisories » MGASA-2017-0105

Updated jhead packages fix security vulnerability

Publication date: 04 Apr 2017
Modification date: 04 Apr 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3822

Description

It was discovered that jhead, a tool to manipulate the non-image part of
EXIF compliant JPEG files, is prone to an out-of-bounds access
vulnerability, which may result in denial of service or, potentially, the
execution of arbitrary code if an image with specially crafted EXIF data
is processed.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20616
• https://www.debian.org/security/2017/dsa-3825
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858213
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822

SRPMS

5/core

• jhead-2.97-4.1.mga5