Vulnerability Details : CVE-2020-28840
Potential exploit
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2020-28840
- cpe:2.3:a:matthiaswandel:jhead:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28840
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28840
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2020-28840
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28840
-
https://github.com/Matthias-Wandel/jhead/issues/8
heap-buffer-overflow on process_COM in jpgfile.c:51 · Issue #8 · Matthias-Wandel/jhead · GitHubExploit;Issue Tracking;Patch
-
https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da
A 'fix' to satisfy pednatic debian fuzzers. This one read ONE byte p… · Matthias-Wandel/jhead@4827ed3 · GitHubPatch
-
https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2
heap-buffer-overflow on process_COM in jpgfile.c:51 · Advisory · Fstark-prog/jhead · GitHubExploit
-
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820
Bug #1900820 “heap-buffer-overflow in jpgfile.c:51 process_COM” : Bugs : jhead package : UbuntuExploit;Issue Tracking
Jump to