Every CVE whose affected-product data names Jhead Project Jhead, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2022-28550 — CVSS 9.8 (critical): Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer…
CVE-2018-17088 — CVSS 7.8 (high): The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or…
CVE-2018-16554 — CVSS 7.8 (high): The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or…
CVE-2021-28277 — CVSS 7.8 (high): A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections…
CVE-2021-28278 — CVSS 7.8 (high): A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.
CVE-2021-3496 — CVSS 7.8 (high): A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
CVE-2022-41751 — CVSS 7.8 (high): Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50…
CVE-2025-44906 — CVSS 7.8 (high): jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
CVE-2021-28276 — CVSS 7.5 (high): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in…
CVE-2020-6625 — CVSS 7.1 (high): jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
CVE-2021-28275 — CVSS 5.5 (medium): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause…
CVE-2019-19035 — CVSS 5.5 (medium): jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and…
CVE-2019-1010302 — CVSS 5.5 (medium): jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The…
CVE-2018-6612 — CVSS 5.5 (medium): An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing…
CVE-2019-1010301 — CVSS 5.5 (medium): jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The…
CVE-2020-26208 — CVSS 5.3 (medium): JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras…