Debian has issued an advisory on March 31:
Mageia 5 is also affected.
Fixed in cauldron and in mga5 core/updates_testing.
No POC image provided, so just testing that the update installs cleanly and
a basic function works.
$ jhead /usr/share/doc/fontforge/htdocs/MetalType.jpeg|grep Comment
Comment : Created with The GIMP
Same output on Mageia 5 i586, x86_64, both before and after the update.
Validating the update.
Advisory loaded to svn with ...
$ cat 20616.adv
subject: Updated jhead packages fix security vulnerability
It was discovered that jhead, a tool to manipulate the non-image part of
EXIF compliant JPEG files, is prone to an out-of-bounds access
vulnerability, which may result in denial of service or, potentially, the
execution of arbitrary code if an image with specially crafted EXIF data
MGA5TOO advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository.