### [CVE-2018-17088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17088)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.

### POC

#### Reference
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907925

#### Github
No PoCs found on GitHub currently.