CVE-2022-28550 Information

Description

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape() jhead.c jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However jhead does not check the boundary of the stack buffer. As a result there will be a stack buffer overflow problem when multiple &i or &o are given.

Reference

https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c64290b2fc167 https://github.com/Matthias-Wandel/jhead/issues/51