CVE-2018-17088

by Fred · 16/09/2018

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.

Date published : 2018-09-16

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925

https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html

CVE-2018-17088

Similar

Recent Posts

Categories

CVE-2018-17088

Share this:

Similar

Recent Posts

Categories

Tags