| Name | CVE-2016-3822 |
| Description | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-864-1, DSA-3825-1 |
| Debian Bugs | 858213 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| jhead (PTS) | bullseye (security), bullseye | 1:3.04-6+deb11u1 | fixed |
| bookworm | 1:3.06.0.1-6 | fixed | |
| forky, sid, trixie | 1:3.08-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| jhead | source | wheezy | 1:2.95-1+deb7u1 | DLA-864-1 | ||
| jhead | source | jessie | 1:2.97-1+deb8u1 | DSA-3825-1 | ||
| jhead | source | (unstable) | 1:3.00-4 | 858213 |