Source: jhead
Version: 1:3.03-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for jhead.

CVE-2019-1010301[0]:
| jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of
| service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The
| attack vector is: Open a specially crafted JPEG file.

The issue has been reported to a downstream bugzilla at [1], could you
try your luck contacting upstream? The issue is reproducible with the
provided POC.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-1010301
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010301
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1679952

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

