{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3496", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "dateUpdated": "2024-08-03T16:53:17.982Z", "dateReserved": "2021-04-13T00:00:00", "datePublished": "2021-04-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2022-10-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file."}], "affected": [{"vendor": "n/a", "product": "jhead", "versions": [{"version": "jhead 3.06.0.1", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949245"}, {"url": "https://github.com/Matthias-Wandel/jhead/issues/33"}, {"name": "GLSA-202210-17", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-17"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119", "cweId": "CWE-119"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.982Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949245", "tags": ["x_transferred"]}, {"url": "https://github.com/Matthias-Wandel/jhead/issues/33", "tags": ["x_transferred"]}, {"name": "GLSA-202210-17", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-17"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jhead_project:jhead:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "D05C20ED-B09A-43EE-8D82-0524C33E0E60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en jhead en versi\u00f3n 3.06, en la funci\u00f3n Get16u() en el archivo exif.c cuando se procesa un archivo dise\u00f1ado"}], "id": "CVE-2021-3496", "lastModified": "2024-11-21T06:21:40.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-22T19:15:07.450", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949245"}, {"source": "patrick@puiterwijk.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/Matthias-Wandel/jhead/issues/33"}, {"source": "patrick@puiterwijk.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949245"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/Matthias-Wandel/jhead/issues/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-17"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}