Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
References
Link | Resource |
---|---|
https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 | Patch |
https://github.com/Matthias-Wandel/jhead/issues/51 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-13T00:00:00
Updated: 2023-06-13T00:00:00
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28550
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-13T20:15:08.907
Modified: 2023-06-23T20:10:56.137
Link: CVE-2022-28550
JSON object: View
Redhat Information
No data.
CWE