CVE-2022-41751 - CERT CVE
ID: CVE-2022-41751
Summary
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
References
https://github.com/Matthias-Wandel/jhead
https://github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788
https://github.com/Matthias-Wandel/jhead/pull/57
https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB/
https://www.debian.org/security/2022/dsa-5294
CVSS
Base: 7.8
Impact: 5.9
Exploitability: 1.8
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Last major update: 13-05-2025 - 16:15
Published: 17-10-2022 - 18:15