CVE-2008-4640
EPSS 0.06%
Description
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
How to fix CVE-2008-4640
To remediate CVE-2008-4640, upgrade the affected package to a fixed version below.
- Debian/jhead—upgrade to 2.85-1 or later
Is CVE-2008-4640 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.85-1