{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T11:22:10.517","vulnerabilities":[{"cve":{"id":"CVE-2021-3496","sourceIdentifier":"patrick@puiterwijk.org","published":"2021-04-22T19:15:07.450","lastModified":"2024-11-21T06:21:40.943","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file."},{"lang":"es","value":"Se encontró un desbordamiento de búfer en la región heap de la memoria en jhead en versión 3.06, en la función Get16u() en el archivo exif.c cuando se procesa un archivo diseñado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jhead_project:jhead:3.06:*:*:*:*:*:*:*","matchCriteriaId":"D05C20ED-B09A-43EE-8D82-0524C33E0E60"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949245","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/Matthias-Wandel/jhead/issues/33","source":"patrick@puiterwijk.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202210-17","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949245","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/Matthias-Wandel/jhead/issues/33","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202210-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}