[USN-6113-1] Jhead vulnerability

George-Andrei Iosif andrei.iosif at canonical.com
Tue May 30 07:45:42 UTC 2023

Ubuntu Security Notice USN-6113-1
May 30, 2023

Jhead vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)


Jhead could be made to crash if it opened a specially crafted

Software Description:
- jhead: Manipulate the non-image part of Exif compliant JPEG files


It was discovered that Jhead did not properly handle certain crafted images
while processing the Exif markers. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm4

In general, a standard system update will make all the necessary changes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230530/98d60864/attachment.sig>

More information about the ubuntu-security-announce mailing list