Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for jhead by sentex

    CVE-2008-4641 (GCVE-0-2008-4641)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31921",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31921",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31921",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31921"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4641",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4640 (GCVE-0-2008-4640)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32506",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-12-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32506",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32506",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32506"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4640",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4639 (GCVE-0-2008-4639)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20090206 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-03-21T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20090206 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20090206 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4639",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4575 (GCVE-0-2008-4575)

    Vulnerability from nvd – Published: 2008-10-15 19:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2008-8928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
              },
              {
                "name": "31770",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
              },
              {
                "name": "32363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32363"
              },
              {
                "name": "FEDORA-2008-8941",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-10-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2008-8928",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
            },
            {
              "name": "31770",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
            },
            {
              "name": "32363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32363"
            },
            {
              "name": "FEDORA-2008-8941",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2008-8928",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
                },
                {
                  "name": "31770",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31770"
                },
                {
                  "name": "http://www.sentex.net/~mwandel/jhead/changes.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
                },
                {
                  "name": "32363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32363"
                },
                {
                  "name": "FEDORA-2008-8941",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4575",
        "datePublished": "2008-10-15T19:00:00.000Z",
        "dateReserved": "2008-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4640 (GCVE-0-2008-4640)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32506",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-12-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32506",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32506",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32506"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4640",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4641 (GCVE-0-2008-4641)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31921",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31921",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31921",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31921"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4641",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4639 (GCVE-0-2008-4639)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20090206 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-03-21T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20090206 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20090206 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4639",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4575 (GCVE-0-2008-4575)

    Vulnerability from cvelistv5 – Published: 2008-10-15 19:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2008-8928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
              },
              {
                "name": "31770",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
              },
              {
                "name": "32363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32363"
              },
              {
                "name": "FEDORA-2008-8941",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-10-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2008-8928",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
            },
            {
              "name": "31770",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
            },
            {
              "name": "32363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32363"
            },
            {
              "name": "FEDORA-2008-8941",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2008-8928",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
                },
                {
                  "name": "31770",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31770"
                },
                {
                  "name": "http://www.sentex.net/~mwandel/jhead/changes.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
                },
                {
                  "name": "32363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32363"
                },
                {
                  "name": "FEDORA-2008-8941",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4575",
        "datePublished": "2008-10-15T19:00:00.000Z",
        "dateReserved": "2008-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }