Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss.
Package | media-gfx/jhead on all architectures |
---|---|
Affected versions | < 2.84-r1 |
Unaffected versions | >= 2.84-r1 |
JHead is an exif jpeg header manipulation tool.
Marc Merlin and John Dong reported multiple vulnerabilities in JHead:
A remote attacker could possibly execute arbitrary code by enticing a user or automated system to open a file with a long filename or via unspecified vectors. It is also possible to trick a user into deleting or overwriting files.
There is no known workaround at this time.
All JHead users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/jhead-2.84-r1"