OpenSUSE Linux update for jhead
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2016-3822 CVE-2018-16554 CVE-2018-17088 |
| CWE-ID | CWE-119 CWE-134 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Operating systems & Components / Operating system Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU40167
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-3822
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
MitigationUpdate the affected packages.
SUSE Linux: 15
Opensuse: 15.0 - 42.3
CPE2.3- cpe:2.3:o:suse:suse_linux:15:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00074.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Format string error
EUVDB-ID: #VU36696
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-16554
CWE-ID:
CWE-134 - Use of Externally-Controlled Format String
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.
MitigationUpdate the affected packages.
SUSE Linux: 15
Opensuse: 15.0 - 42.3
CPE2.3- cpe:2.3:o:suse:suse_linux:15:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00074.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU36695
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-17088
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.
MitigationUpdate the affected packages.
SUSE Linux: 15
Opensuse: 15.0 - 42.3
CPE2.3- cpe:2.3:o:suse:suse_linux:15:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00074.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
