Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss.
|Package||media-gfx/jhead on all architectures|
|Affected versions||< 2.84-r1|
|Unaffected versions||>= 2.84-r1|
JHead is an exif jpeg header manipulation tool.
Marc Merlin and John Dong reported multiple vulnerabilities in JHead:
A remote attacker could possibly execute arbitrary code by enticing a user or automated system to open a file with a long filename or via unspecified vectors. It is also possible to trick a user into deleting or overwriting files.
There is no known workaround at this time.
All JHead users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/jhead-2.84-r1"