VDB
CVE-2020-28840
CVE-2020-28840
PUBLISHED
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).
EPSS 0.03% · 10.3th percentile
Risk Scores
EPSS Score
0.03%
10.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | jhead | 1:3.00-4, 1:3.00-5, 1:3.00-6 |
| Ubuntu:Pro:14.04:LTS | jhead | 1:2.97-1+deb8u2ubuntu0.1~esm4, 0, 1:2.97-1 |
| Ubuntu:Pro:20.04:LTS | jhead | 1:3.03-3, 1:3.04-1ubuntu0.1, 1:3.04-1ubuntu0.2 |
| Ubuntu:Pro:16.04:LTS | jhead | 1:3.00-4+deb9u1ubuntu0.1~esm4, 0, * |
Exploit Intelligence
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820 (nist-nvd)
- https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-xh27-xwgj-gqw2 (nist-nvd)
- https://github.com/Matthias-Wandel/jhead/issues/8 (nist-nvd)
- https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da (circl)
Timeline
- Aug 11, 2023 CVE Published
- Aug 12, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Oct 18, 2023 EPSS Score
- Nov 21, 2023 EPSS Score
- Dec 24, 2023 EPSS Score
- Jan 27, 2024 EPSS Score
- Feb 29, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- May 6, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
- Jul 12, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-28840 third-party-advisory
- https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900820 third-party-advisory
- https://github.com/Matthias-Wandel/jhead/commit/4827ed31c226dc5ed93603bd649e0e387a1778da third-party-advisory
- https://github.com/Matthias-Wandel/jhead/issues/8 third-party-advisory
- https://github.com/Fstark-prog/jhead/security/advisories/GHSA-xh27-xwgj-gqw2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-28840 third-party-advisory