{"id":"MGASA-2017-0105","summary":"Updated jhead packages fix security vulnerability","details":"It was discovered that jhead, a tool to manipulate the non-image part of\nEXIF compliant JPEG files, is prone to an out-of-bounds access\nvulnerability, which may result in denial of service or, potentially, the\nexecution of arbitrary code if an image with specially crafted EXIF data\nis processed.\n","modified":"2026-02-02T03:15:48.011306Z","published":"2017-04-04T06:44:05Z","related":["CVE-2016-3822"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0105.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20616"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3825"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858213"}],"affected":[{"package":{"name":"jhead","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/jhead?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.97-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0105.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}