Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-26208— Heap-buffer-overflow in jhead

CVSS 5.3 · Medium EPSS 0.09% · P26
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-26208

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Heap-buffer-overflow in jhead
Source: NVD (National Vulnerability Database)
Vulnerability Description
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
jhead 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
jhead是一款用于修改JPEG文件信息的工具。 JHEAD 中存在缓冲区错误漏洞,该漏洞源于的jpgfile.c:285 ReadJpegSections函数在处理JPEG图片时未能正确处理内存边界。攻击者可通过该漏洞导致程序崩溃或可能不正确的exif信息检索。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-26208

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-26208

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-02-02 · 25 CVEs total

CVE-2022-218179.3 CRITICALNvidia Omniverse Launcher 代码问题漏洞
CVE-2021-430738.8 HIGHFortinet FortiWeb 操作系统命令注入漏洞
CVE-2021-410188.8 HIGHFortinet FortiWeb 操作系统命令注入漏洞
CVE-2022-225098.8 HIGHPHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment
CVE-2022-03668.8 HIGHCapsule8 Console SQL注入漏洞
CVE-2021-427538.1 HIGHFortinet FortiWeb 路径遍历漏洞
CVE-2021-410167.8 HIGHFortinet FortiExtender 操作系统命令注入漏洞
CVE-2022-225107.5 HIGHCODESYS: Null Pointer Dereference in CODESYS PROFINET stack
CVE-2022-217247.0 HIGHUnchecked Class Instantiation when providing Plugin Classes
CVE-2021-361774.2 MEDIUMFortinet FortiAuthenticator 安全漏洞
CVE-2021-39066IBM Financial Transaction Manager 授权问题漏洞
CVE-2022-24301Minetest 安全漏洞
CVE-2022-24300Minetest 安全漏洞
CVE-2021-24043Facebook WhatsApp 缓冲区错误漏洞
CVE-2021-39044IBM Financial Transaction Manager 跨站请求伪造漏洞
CVE-2022-24069Insyde InsydeH2O 权限许可和访问控制问题漏洞
CVE-2021-39070IBM Security Verify Access 安全漏洞
CVE-2021-42633PrinterLogic Web Stack SQL注入漏洞
CVE-2021-42637PrinterLogic Web Stack 代码问题漏洞
CVE-2021-42639PrinterLogic Web Stack 跨站脚本漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-26208

No comments yet

Leave a comment