CVE-2018-17088

Published: 16/09/2018 Updated: 31/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote malicious user to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
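The class of bounds check described in the summary, as an added illustration that is not jhead's source code: a 32-bit "offset plus size versus EXIF length" comparison that wraps, next to an overflow-safe form. All function names and sample values are constructed for this example, and the last helper goes slightly beyond the summary by also guarding the size multiplication.

```c
#include <stdint.h>
#include <stdio.h>

/* Overflow-prone: the 32-bit sum can wrap to a small value, so an entry
 * that points far outside the EXIF block still passes. */
static int in_bounds_wrapping(uint32_t offset, uint32_t byte_count,
                              uint32_t exif_length)
{
    return (uint32_t)(offset + byte_count) <= exif_length;
}

/* Hardened: no addition of untrusted values; subtract from the trusted
 * length only after proving the subtraction cannot underflow. */
static int in_bounds_checked(uint32_t offset, uint32_t byte_count,
                             uint32_t exif_length)
{
    if (byte_count > exif_length)
        return 0;
    return offset <= exif_length - byte_count;
}

/* Same check starting from an entry's component count and per-component
 * size, with the multiplication guarded as well. */
static int entry_in_bounds(uint32_t offset, uint32_t components,
                           uint32_t bytes_per_component, uint32_t exif_length)
{
    if (bytes_per_component == 0 || components > UINT32_MAX / bytes_per_component)
        return 0;
    return in_bounds_checked(offset, components * bytes_per_component, exif_length);
}

int main(void)
{
    const uint32_t exif_length = 0x200;   /* constructed sample values */
    const uint32_t offset = 0xFFFFFFF0u, byte_count = 0x20;

    printf("wrapping check accepts: %d\n",
           in_bounds_wrapping(offset, byte_count, exif_length));
    printf("checked form accepts:   %d\n",
           in_bounds_checked(offset, byte_count, exif_length));
    printf("entry 0x40000001 x 4:   %d\n",
           entry_in_bounds(0x10, 0x40000001u, 4, exif_length));
    return 0;
}
```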

Vulnerable Product

jhead project jhead 3.00

Vendor Advisories

Debian Bug report logs - #907925 jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead Package: jhead; Maintainer for jhead is Ludovic Rousseau <rousseau@debian.org>; Source for jhead is src:jhead (PTS, buildd, popcon) Reported by: Hanfang Zhang <hanfangzhang9@gmail.com> Date: Tue, 4 Sep 2018 07:3 ...
Debian Bug report logs - #908176 jhead: CVE-2018-16554: Buffer overflow in gpsinfo.c while running jhead Package: jhead; Maintainer for jhead is Ludovic Rousseau <rousseau@debian.org>; Source for jhead is src:jhead (PTS, buildd, popcon) Reported by: Hanfang Zhang <hanfangzhang9@gmail.com> Date: Fri, 7 Sep 2018 03:57 ...