Strix
26.1K

CVE-2022-28550

CRITICALCVSS 9.8/10EPSS 1.05%

Last modified

CVE-2022-28550 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.05%

59.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Jhead ProjectJhead3.06

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-28550?
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.
How severe is CVE-2022-28550?
CVE-2022-28550 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.
How do I fix CVE-2022-28550?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-28550?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST