CVE-2021-3496
7.8 HIGHA heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file
Published: 2021-04-22 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-119, CWE-787
Affected products
| Vendor | Product |
|---|---|
| jhead_project | jhead |
Description
A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3496
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1949245
- [Patch]https://github.com/Matthias-Wandel/jhead/issues/33
- [Other]https://security.gentoo.org/glsa/202210-17
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1949245
- [Patch]https://github.com/Matthias-Wandel/jhead/issues/33
- [Other]https://security.gentoo.org/glsa/202210-17
Related CVEs
Same CWE
- CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)