{"id":"CVE-2020-26208","details":"JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.","modified":"2026-04-02T05:09:44.669916Z","published":"2022-02-02T12:15:07.783Z","related":["GHSA-7pr6-xq4f-qhgc"],"references":[{"type":"FIX","url":"https://github.com/F-ZhaoYang/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4"},{"type":"FIX","url":"https://github.com/Matthias-Wandel/jhead/issues/7"},{"type":"EVIDENCE","url":"https://github.com/F-ZhaoYang/jhead/security/advisories/GHSA-7pr6-xq4f-qhgc"},{"type":"EVIDENCE","url":"https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1900821"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fstark-prog/jhead","events":[{"introduced":"0"},{"fixed":"5186ddcf9e35a7aa0ff0539489a930434a1325f4"}]},{"type":"GIT","repo":"https://github.com/fstark-prog/jhead","events":[{"introduced":"0"},{"fixed":"5186ddcf9e35a7aa0ff0539489a930434a1325f4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26208.json","vanir_signatures":[{"digest":{"function_hash":"169859494957838646546167816554253108203","length":4468},"deprecated":false,"signature_type":"Function","target":{"file":"jpgfile.c","function":"ReadJpegSections"},"signature_version":"v1","id":"CVE-2020-26208-9cc15307","source":"https://github.com/fstark-prog/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4"},{"digest":{"threshold":0.9,"line_hashes":["330576998942771320151481250915304193446","40248117166146344862024078462565820385","323429446749629407972037523201053216423","56402429679977452765806517496243227448","187911260753655467679865722206949584709","301837814040836008224752105503415912204","119770356065684445666760556539337173884","293215338876584511415204784118399240843"]},"deprecated":false,"signature_type":"Line","target":{"file":"jpgfile.c"},"signature_version":"v1","id":"CVE-2020-26208-9f1f6a1b","source":"https://github.com/fstark-prog/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}]}