Lucene search

MitreCVE-2005-0406

HistoryFeb 16, 2005 - 5:00 a.m.

CVE-2005-0406

2005-02-1605:00:00

CWE-212

mitre

web.nvd.nist.gov

information security

cve

vulnerability

image processing

exif thumbnail

jpeg

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

16.2%

JSON

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Affected configurations

Nvd

Node

image_processing_projectimage_processingMatch-

VendorProductVersionCPE
image_processing_projectimage_processing-cpe:2.3:a:image_processing_project:image_processing:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
image_processing_project	image_processing	-	cpe:2.3:a:image_processing_project:image_processing:-:::::::*

References

seclists.org/lists/fulldisclosure/2005/Feb/0343.html

www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

16.2%

JSON

Related for CVE-2005-0406