{"url":"http://public2.vulnerablecode.io/api/packages/513631?format=json","purl":"pkg:deb/debian/jhead@1:2.95-1","type":"deb","namespace":"debian","name":"jhead","version":"1:2.95-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:3.08-3","latest_non_vulnerable_version":"1:3.08-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74456?format=json","vulnerability_id":"VCID-2jfs-dy2k-c7fb","summary":"JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26208","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57013","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5702","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57007","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56993","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57011","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26208"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26208","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26208"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821","reference_id":"1900821","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:36Z/"}],"url":"https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821"},{"reference_url":"https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4","reference_id":"5186ddcf9e35a7aa0ff0539489a930434a1325f4","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:36Z/"}],"url":"https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4"},{"reference_url":"https://github.com/Matthias-Wandel/jhead/issues/7","reference_id":"7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:36Z/"}],"url":"https://github.com/Matthias-Wandel/jhead/issues/7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972617","reference_id":"972617","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972617"},{"reference_url":"https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc","reference_id":"GHSA-7pr6-xq4f-qhgc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:47:36Z/"}],"url":"https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc"},{"reference_url":"https://usn.ubuntu.com/6098-1/","reference_id":"USN-6098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6098-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2020-26208"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jfs-dy2k-c7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74475?format=json","vulnerability_id":"VCID-2qd9-7hgw-9yak","summary":"Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41751","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14824","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14907","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14866","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14783","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14806","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41751"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022028","reference_id":"1022028","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022028"},{"reference_url":"https://github.com/Matthias-Wandel/jhead/pull/57","reference_id":"57","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://github.com/Matthias-Wandel/jhead/pull/57"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK/","reference_id":"5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NM6FET4ZNWV4EQGKZTLZFWTNVODGVOK/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5294","reference_id":"dsa-5294","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://www.debian.org/security/2022/dsa-5294"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB/","reference_id":"EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EG26AD7KJAY5B6L6OERSGL4FRXJE3GOB/"},{"reference_url":"https://security.gentoo.org/glsa/202406-05","reference_id":"GLSA-202406-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202406-05"},{"reference_url":"https://github.com/Matthias-Wandel/jhead","reference_id":"jhead","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://github.com/Matthias-Wandel/jhead"},{"reference_url":"https://github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788","reference_id":"jhead.c#L788","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://github.com/Matthias-Wandel/jhead/blob/63ce118c6a59ea64ac357236a11a47aaf569d622/jhead.c#L788"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB/","reference_id":"TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-13T15:26:40Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAVB3ZX7E5ULEXESU5NXZIAHY6CVGCHB/"},{"reference_url":"https://usn.ubuntu.com/6108-1/","reference_id":"USN-6108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2022-41751"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qd9-7hgw-9yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74443?format=json","vulnerability_id":"VCID-45kc-a5x9-cff7","summary":"exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3822","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57681","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57732","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57741","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57731","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57718","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57735","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858213","reference_id":"858213","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858213"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/513633?format=json","purl":"pkg:deb/debian/jhead@1:2.97-1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jfs-dy2k-c7fb"},{"vulnerability":"VCID-2qd9-7hgw-9yak"},{"vulnerability":"VCID-45kc-a5x9-cff7"},{"vulnerability":"VCID-7aka-qb3k-hqcj"},{"vulnerability":"VCID-8m5r-2t9r-xkgr"},{"vulnerability":"VCID-92q9-49z2-yqdt"},{"vulnerability":"VCID-afd2-ks8x-gug5"},{"vulnerability":"VCID-fygz-5md9-cyfk"},{"vulnerability":"VCID-rhtd-rwbc-w3bv"},{"vulnerability":"VCID-v2we-w26s-x3gz"},{"vulnerability":"VCID-x81u-kezm-tyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:2.97-1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/562401?format=json","purl":"pkg:deb/debian/jhead@1:3.00-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jfs-dy2k-c7fb"},{"vulnerability":"VCID-2qd9-7hgw-9yak"},{"vulnerability":"VCID-7aka-qb3k-hqcj"},{"vulnerability":"VCID-8m5r-2t9r-xkgr"},{"vulnerability":"VCID-92q9-49z2-yqdt"},{"vulnerability":"VCID-afd2-ks8x-gug5"},{"vulnerability":"VCID-fygz-5md9-cyfk"},{"vulnerability":"VCID-rhtd-rwbc-w3bv"},{"vulnerability":"VCID-v2we-w26s-x3gz"},{"vulnerability":"VCID-x81u-kezm-tyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.00-4%252Bdeb9u1"}],"aliases":["CVE-2016-3822"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45kc-a5x9-cff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74454?format=json","vulnerability_id":"VCID-7aka-qb3k-hqcj","summary":"jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19035","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57355","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57363","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57351","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57338","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944961","reference_id":"944961","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944961"},{"reference_url":"https://security.gentoo.org/glsa/202007-17","reference_id":"GLSA-202007-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-17"},{"reference_url":"https://usn.ubuntu.com/6098-1/","reference_id":"USN-6098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6098-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2019-19035"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aka-qb3k-hqcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74446?format=json","vulnerability_id":"VCID-8m5r-2t9r-xkgr","summary":"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17088","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49093","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49102","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49086","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49057","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49069","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925","reference_id":"907925","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/577857?format=json","purl":"pkg:deb/debian/jhead@1:3.00-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jfs-dy2k-c7fb"},{"vulnerability":"VCID-2qd9-7hgw-9yak"},{"vulnerability":"VCID-7aka-qb3k-hqcj"},{"vulnerability":"VCID-afd2-ks8x-gug5"},{"vulnerability":"VCID-fygz-5md9-cyfk"},{"vulnerability":"VCID-rhtd-rwbc-w3bv"},{"vulnerability":"VCID-x81u-kezm-tyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.00-8"}],"aliases":["CVE-2018-17088"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8m5r-2t9r-xkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74448?format=json","vulnerability_id":"VCID-92q9-49z2-yqdt","summary":"An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6612","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61844","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61892","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.6189","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61874","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61891","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272","reference_id":"889272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272"},{"reference_url":"https://usn.ubuntu.com/6113-1/","reference_id":"USN-6113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/577857?format=json","purl":"pkg:deb/debian/jhead@1:3.00-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jfs-dy2k-c7fb"},{"vulnerability":"VCID-2qd9-7hgw-9yak"},{"vulnerability":"VCID-7aka-qb3k-hqcj"},{"vulnerability":"VCID-afd2-ks8x-gug5"},{"vulnerability":"VCID-fygz-5md9-cyfk"},{"vulnerability":"VCID-rhtd-rwbc-w3bv"},{"vulnerability":"VCID-x81u-kezm-tyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.00-8"}],"aliases":["CVE-2018-6612"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92q9-49z2-yqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7087?format=json","vulnerability_id":"VCID-afd2-ks8x-gug5","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3496","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65277","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65224","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65266","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65273","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65265","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65254","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986923","reference_id":"986923","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986923"},{"reference_url":"https://security.archlinux.org/AVG-1815","reference_id":"AVG-1815","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1815"},{"reference_url":"https://security.gentoo.org/glsa/202210-17","reference_id":"GLSA-202210-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-17"},{"reference_url":"https://usn.ubuntu.com/6110-1/","reference_id":"USN-6110-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6110-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2021-3496"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afd2-ks8x-gug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74450?format=json","vulnerability_id":"VCID-fygz-5md9-cyfk","summary":"jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010301","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46689","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46759","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4674","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46712","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46722","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932145","reference_id":"932145","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932145"},{"reference_url":"https://security.gentoo.org/glsa/202007-17","reference_id":"GLSA-202007-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-17"},{"reference_url":"https://usn.ubuntu.com/6098-1/","reference_id":"USN-6098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6098-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2019-1010301"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fygz-5md9-cyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74452?format=json","vulnerability_id":"VCID-rhtd-rwbc-w3bv","summary":"jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010302","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46201","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46166","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46199","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46131","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46181","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46155","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932146","reference_id":"932146","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932146"},{"reference_url":"https://security.gentoo.org/glsa/202007-17","reference_id":"GLSA-202007-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-17"},{"reference_url":"https://usn.ubuntu.com/6098-1/","reference_id":"USN-6098-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6098-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2019-1010302"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhtd-rwbc-w3bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74445?format=json","vulnerability_id":"VCID-v2we-w26s-x3gz","summary":"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16554","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53121","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53191","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53173","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53146","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53171","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16554"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176","reference_id":"908176","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/577857?format=json","purl":"pkg:deb/debian/jhead@1:3.00-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jfs-dy2k-c7fb"},{"vulnerability":"VCID-2qd9-7hgw-9yak"},{"vulnerability":"VCID-7aka-qb3k-hqcj"},{"vulnerability":"VCID-afd2-ks8x-gug5"},{"vulnerability":"VCID-fygz-5md9-cyfk"},{"vulnerability":"VCID-rhtd-rwbc-w3bv"},{"vulnerability":"VCID-x81u-kezm-tyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.00-8"}],"aliases":["CVE-2018-16554"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2we-w26s-x3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74469?format=json","vulnerability_id":"VCID-x81u-kezm-tyef","summary":"jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34055","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20057","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20133","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20087","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20039","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41751"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024272","reference_id":"1024272","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024272"},{"reference_url":"https://github.com/Matthias-Wandel/jhead/issues/36","reference_id":"36","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T19:09:28Z/"}],"url":"https://github.com/Matthias-Wandel/jhead/issues/36"},{"reference_url":"https://www.debian.org/security/2022/dsa-5294","reference_id":"dsa-5294","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T19:09:28Z/"}],"url":"https://www.debian.org/security/2022/dsa-5294"},{"reference_url":"https://security.gentoo.org/glsa/202406-05","reference_id":"GLSA-202406-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202406-05"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-02T19:09:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00004.html"},{"reference_url":"https://usn.ubuntu.com/6108-1/","reference_id":"USN-6108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196158?format=json","purl":"pkg:deb/debian/jhead@1:3.04-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12jw-rehr-77dj"},{"vulnerability":"VCID-e4rh-ppzm-fkct"},{"vulnerability":"VCID-h85c-19qs-zuhd"},{"vulnerability":"VCID-pek5-w364-vkfs"},{"vulnerability":"VCID-u3k5-manr-1fad"},{"vulnerability":"VCID-x9yg-vhd7-8fdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:3.04-6%252Bdeb11u1"}],"aliases":["CVE-2021-34055"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x81u-kezm-tyef"}],"fixing_vulnerabilities":[],"risk_score":"3.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/jhead@1:2.95-1"}