Advisories ยป MGASA-2018-0457

Updated jhead package fixes security vulnerabilities

Publication date: 17 Nov 2018
Modification date: 17 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-16554 , CVE-2018-17088

Description

The ProcessGpsInfo function may have allowed a remote attacker to cause
a denial-of-service attack or unspecified other impact via a malicious
JPEG file, because of inconsistency between float and double in a
sprintf format string during TAG_GPS_ALT handling (CVE-2018-16554).

The ProcessGpsInfo function may have allowed a remote attacker to cause
a denial-of-service attack or unspecified other impact via a malicious
JPEG file, because there is an integer overflow during a check for
whether a location exceeds the EXIF data length (CVE-2018-17088).
                

References

SRPMS

6/core