Source: jhead Version: 1:3.03-1 Severity: important Tags: security upstream
Hi, The following vulnerability was published for jhead. CVE-2019-1010302[0]: | jhead 3.03 is affected by: Incorrect Access Control. The impact is: | Denial of service. The component is: iptc.c Line 122 show_IPTC(). The | attack vector is: the victim must open a specially crafted JPEG file. The isse was reported in [1], might you try your luck in contacting upstream? The issue is reproducible with the provided POC. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-1010302 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010302 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1679978 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
