Package: jhead
Version: 3.04
A heap-buffer-overflow issue was discovered in jhead-3.04:gpsinfo.c:161.
Please run the following command to reproduce it:
./jhead poc
Here is the detailed log:
$ ./jhead poc
Nonfatal Error : 'poc' Extraneous 10 padding bytes before section E1
Nonfatal Error : 'poc'
Thanks a lot!
Regards,
Hanfang
On Mon, Sep 17, 2018 at 3:08 AM, Salvatore Bonaccorso wrote:
> Control: retitle 907925 jhead: CVE-2018-17088: Integer overflow in
> gpsinfo.c while running jhead
> Control: retitle 908176 jhead: CVE-2018-16554: Buffer overflow in
> gpsinfo.c while running jhead
>
> Hi
>
> On
10/09/2018 at 11:06, Hanfang Zhang wrote:
> > Sorry, I don't have it. Once I receive the CVE ID number, I will give it
> to you as soon as possible.
> >
> > On Sat, Sep 8, 2018 at 11:01 PM, Ludovic Rousseau ludovic.rouss...@gmail.com>> wrote:
> >
> >
Sorry, I don't have it. Once I receive the CVE ID number, I will give it to
you as soon as possible.
On Sat, Sep 8, 2018 at 11:01 PM, Ludovic Rousseau wrote:
> On 08/09/2018 at 03:05, Hanfang Zhang wrote:
> > Hello,
> >
> > Done. Thanks a lot.
>
> Do you have the CVE ID number?
>
itre.org/ and once the CVE assigned loop it back here?"
>
> Thanks
>
> On 07/09/2018 at 05:54, Hanfang Zhang wrote:
> > Package: jhead
> > Version: 1:3.00-7
> > Vulnerability type: Buffer Overflow
> >
> > A buffer overflow bug was found in jhead, whic
Hi Salvatore,
I have done that and the CVE ID is CVE-2018-16554. But the status of it is
preserved. Thanks.
Regards,
Hanfang
On Wed, Sep 5, 2018 at 11:05 PM, Salvatore Bonaccorso wrote:
> Hi Hanfang,
>
> On Tue, Sep 04, 2018 at 03:32:02PM +0800, Hanfang Zhang wrote:
> > This bug was found b
Package: jhead
Version: 1:3.00-7
Vulnerability type: Buffer Overflow
A buffer overflow bug was found in jhead, which allows attackers to cause
a denial of service via a crafted JPEG file.
Components: gpsinfo.c -> ProcessGpsInfo() ->line 164
```
case TAG_GPS_ALT://BUG
sprintf(ImageInfo.GpsAlt
```
:10 wrote:
> Hello,
>
> On 04/09/2018 at 09:32, Hanfang Zhang wrote:
> > Package: jhead
> > Version: 3.00-7
> >
> > Integer overflow while running jhead. There is an integer overflow in
> exif.c line 530. When OffsetVal=0x0014, ByteCount=0x,
> ExifLeng
+0x403998)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strnlen
==21157==ABORTING
This bug was found by Hanfang Zhang at Sichuan University. Request a
CVE ID. Thanks.
testfile
Description: Binary data