GCVE-VVD-MAGEIA-2021-328 — Vulnetix

GCVE-VVD-MAGEIA-2021-328

Advisory Published

Vulnetix · Advisory published July 10, 2021

Updated jhead package fixes security vulnerabilities: jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c (CVE-2020-6624). jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c (CVE-2020-6625). A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file (CVE-2021-3496).

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	jhead	0 (affected), 3.06.0.1-1.mga7 (unaffected)	—
Mageia	jhead	0 (affected), 3.06.0.1-1.mga8 (unaffected)	—

Aliases

CVE-2021-3496 CVE-2020-6625 CVE-2020-6624

Transitive aliases

EUVD-2020-27773 OPENSUSE-SU-2021:0620-1 GSD-2021-3496 GHSA-jpjw-8cq8-j6w9 VVD-GENTOO-2020-730746 EUVD-2021-26817 GHSA-rvxv-5pj2-85pq OPENSUSE-SU-2021:0594-1 OPENSUSE-SU-2024:10880-1 CNVD-2021-31664 OPENSUSE-SU-2021:0752-1 OPENSUSE-SU-2021:0743-1 EUVD-2020-27772 GHSA-2w8m-f4xv-fpww

References

Updated jhead packages fix security vulnerabilities

advisory

Updated jhead packages fix security vulnerabilities

issue

Updated jhead packages fix security vulnerabilities

issue

Updated jhead packages fix security vulnerabilities

issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON

$ Console Community · 100/wk Open console ›