CVE-2005-0406

Exploit

EPSS 0.12%
Published 14.02.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Image Processing Project ≫ Image Processing Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.281

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html

Third Party Advisory

Mailing List

http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2005-0406

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0406

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0406

EUVD