First published: Mon Oct 17 2022
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jhead Project Jhead | =3.06.0.1 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/jhead | <=1:3.00-8 | 1:3.00-8+deb10u1 1:3.04-6+deb11u1 1:3.06.0.1-6 1:3.08-2 |
debian/jhead | <=1:3.06.0.1-2, <=1:3.00-8 | 1:3.06.0.1-3 1:3.04-6+deb11u1 |
CVE-2022-41751 refers to a vulnerability in Jhead 3.06.0.1 that allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and using the regeneration -rgt50 option.
The severity of CVE-2022-41751 is high, with a CVSS score of 7.8.
CVE-2022-41751 allows attackers to execute arbitrary OS commands in Jhead 3.06.0.1 by manipulating JPEG filenames.
Jhead 3.06.0.1 is affected by CVE-2022-41751, as are Fedora 35, Fedora 36, Fedora 37, Debian Linux 10.0, and Debian Linux 11.0.
To fix CVE-2022-41751, update Jhead to a version that includes the security patch; the fixed Debian package versions are listed in the table above.