CVE-2020-6624

HIGH EPSS 69.8%
Published Jan 9, 2020 (6y ago) · Modified Jun 17, 2026 (2w ago)
7.1 CVSS 3.1
High

Description

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 69.8% percentile
Exploit & Patch Status: Public Exploit Known; No Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 1

Vendor          Product   Version   Range
jhead_project   jhead     *         ≤3.04

References 4

  • bugs.gentoo.org https://bugs.gentoo.org/711220#c3
    Issue Tracking, Third Party Advisory
  • bugs.gentoo.org https://bugs.gentoo.org/876247#c0
    Issue Tracking, Third Party Advisory
  • bugs.launchpad.net https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
    Exploit, Issue Tracking, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202007-17
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.