What is the severity of CVE-2018-6612?

The severity of CVE-2018-6612 is high with a CVSS score of 5.5.

How does CVE-2018-6612 affect jhead?

CVE-2018-6612 raises a heap-based buffer over-read when processing a malicious JPEG file in jhead, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

Which software versions are affected by CVE-2018-6612?

jhead versions 3.00, 3.04, 3.06.0.1, and 3.08 are affected by CVE-2018-6612.

How can I fix CVE-2018-6612?

Update to jhead version 3.00-8, 3.04-6+deb11u1, 3.06.0.1-6, or 3.08-2 to fix CVE-2018-6612.

Vulnerability/
CVE-2018-6612

medium

5.5

CWE

125 191

3/2/2018

4/2/2018

3/10/2022

5/8/2024

CVE-2018-6612: Integer Underflow

First published: Sat Feb 03 2018(Updated: )

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Jhead Project Jhead	=3.0
debian/jhead		1:3.04-6+deb11u1 1:3.06.0.1-6 1:3.08-2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-6612?
CVE-2018-6612 is an integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00.
What is the severity of CVE-2018-6612?
The severity of CVE-2018-6612 is high with a CVSS score of 5.5.
How does CVE-2018-6612 affect jhead?
CVE-2018-6612 raises a heap-based buffer over-read when processing a malicious JPEG file in jhead, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
Which software versions are affected by CVE-2018-6612?
jhead versions 3.00, 3.04, 3.06.0.1, and 3.08 are affected by CVE-2018-6612.
How can I fix CVE-2018-6612?
Update to jhead version 3.00-8, 3.04-6+deb11u1, 3.06.0.1-6, or 3.08-2 to fix CVE-2018-6612.

collector/nvd-index
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/weakness
agent/description
collector/debian-bugs
source/Debian
alias/CVE-2018-6612
agent/tags
agent/event
agent/softwarecombine
collector/security-tracker-debian
agent/software-canonical-lookup
vendor/jhead project
canonical/jhead project jhead
version/jhead project jhead/3.0
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.