CVE-2018-6612

Name: CVE-2018-6612
Description: An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 889272

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| jhead (PTS) | jessie (security), jessie | 1:2.97-1+deb8u1 | vulnerable |
| jhead (PTS) | stretch | 1:3.00-4+deb9u1 | vulnerable |
| jhead (PTS) | buster, sid | 1:3.00-8 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| jhead | source | (unstable) | 1:3.00-6 | unimportant | | 889272 |

Notes

https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
Crash in CLI tool, no security impact
