USN-6108-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-6108-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6108-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6108-1
Related
Published
2023-05-25T07:48:13.105817Z
Modified
2023-05-25T07:48:13.105817Z
Summary
Jhead vulnerabilities
Details

It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2022-41751)

References

Affected packages

Ubuntu:Pro:14.04:LTS / jhead

Package

Name
jhead

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.97-1+deb8u2ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "jhead": "1:2.97-1+deb8u2ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:22.04:LTS / jhead

Package

Name
jhead

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.06.0.1-2ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "jhead": "1:3.06.0.1-2ubuntu0.22.04.1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / jhead

Package

Name
jhead

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.00-4+deb9u1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "jhead": "1:3.00-4+deb9u1ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:18.04:LTS / jhead

Package

Name
jhead

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.00-8~ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "jhead": "1:3.00-8~ubuntu0.2"
        }
    ]
}

Ubuntu:20.04:LTS / jhead

Package

Name
jhead

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.04-1ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "jhead": "1:3.04-1ubuntu0.2"
        }
    ]
}