Security update for jhead SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0620-1 Final 1 1 2021-04-26T04:05:12Z current 2021-04-26T04:05:12Z 2021-04-26T04:05:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for jhead This update for jhead fixes the following issues: - CVE-2021-3496: Fixed heap-based buffer overflow in Get16u() in exif.c (bsc#1184756) This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-620 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZXG5OVP6VGZDHK4MFFT7R3RG7DSWAZ4D/ E-Mail link for openSUSE-SU-2021:0620-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184756 SUSE Bug 1184756 https://www.suse.com/security/cve/CVE-2021-3496/ SUSE CVE CVE-2021-3496 page SUSE Package Hub 15 SP2 jhead-3.00-bp152.4.3.1 jhead-3.00-bp152.4.3.1 as a component of SUSE Package Hub 15 SP2 A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. CVE-2021-3496 SUSE Package Hub 15 SP2:jhead-3.00-bp152.4.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZXG5OVP6VGZDHK4MFFT7R3RG7DSWAZ4D/ https://www.suse.com/security/cve/CVE-2021-3496.html CVE-2021-3496 https://bugzilla.suse.com/1184756 SUSE Bug 1184756