USN-6110-1: Jhead vulnerabilities
29 May 2023
Jhead could be made to crash if it opened a specially crafted file.
Releases
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- jhead - Manipulate the non-image part of Exif compliant JPEG files
Details
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-3496)
It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. This issue only
affected Ubuntu 20.04. (CVE-2021-28275)
It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS. (CVE-2021-28277)
Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.10
Ubuntu 22.04
-
jhead
-
1:3.06.0.1-2ubuntu0.22.04.1+esm1
Available with Ubuntu Pro
Ubuntu 20.04
-
jhead
-
1:3.04-1ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
jhead
-
1:3.00-8~ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
jhead
-
1:3.00-4+deb9u1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 14.04
-
jhead
-
1:2.97-1+deb8u2ubuntu0.1~esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.