Vulnerability Details : CVE-2005-0406
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
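A defender-side check for the condition described above, as an added example that is not part of this entry or the referenced advisories: it walks the JPEG header, follows the Exif IFD1 thumbnail pointers (tags 0x0201 and 0x0202) so the embedded thumbnail can be extracted and compared with the edited main image, and strips the Exif segment before publication. The function names and the sample file are constructed for illustration.

```python
import struct
EXIF_MAGIC = b"Exif\x00\x00"

def segments(jpeg):
    """Yield (marker, payload, start, end) for each segment before start-of-scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], jpeg[pos + 4:pos + 2 + length], pos, pos + 2 + length
        pos += 2 + length

def exif_thumbnail(jpeg):
    """Return the bytes of the embedded IFD1 thumbnail, or None if absent."""
    for marker, payload, _, _ in segments(jpeg):
        if marker != 0xE1 or not payload.startswith(EXIF_MAGIC):
            continue
        tiff = payload[len(EXIF_MAGIC):]
        e = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order
        (ifd0,) = struct.unpack(e + "I", tiff[4:8])
        (n0,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
        (ifd1,) = struct.unpack(e + "I", tiff[ifd0 + 2 + 12 * n0:][:4])
        if ifd1 == 0:
            return None
        (n1,) = struct.unpack(e + "H", tiff[ifd1:ifd1 + 2])
        tags = {}
        for i in range(n1):
            tag, _, _, value = struct.unpack(e + "HHII", tiff[ifd1 + 2 + 12 * i:][:12])
            tags[tag] = value
        if 0x0201 in tags and 0x0202 in tags:   # JPEGInterchangeFormat / ...Length
            return tiff[tags[0x0201]:tags[0x0201] + tags[0x0202]]
    return None

def strip_exif(jpeg):
    """Mitigation: drop every Exif APP1 segment, thumbnail included."""
    out = bytearray(jpeg)
    for marker, payload, start, end in reversed(list(segments(jpeg))):
        if marker == 0xE1 and payload.startswith(EXIF_MAGIC):
            del out[start:end]
    return bytes(out)

# Constructed sample: empty IFD0 at offset 8, IFD1 at 14, thumbnail bytes at 44.
THUMB = b"\xff\xd8STALE-THUMBNAIL\xff\xd9"
TIFF = (b"II*\x00" + struct.pack("<IHIH", 8, 0, 14, 2)
        + struct.pack("<HHII", 0x0201, 4, 1, 44)
        + struct.pack("<HHII", 0x0202, 4, 1, len(THUMB)) + struct.pack("<I", 0) + THUMB)
APP1 = b"\xff\xe1" + struct.pack(">H", len(EXIF_MAGIC + TIFF) + 2) + EXIF_MAGIC + TIFF
SAMPLE = b"\xff\xd8" + APP1 + b"\xff\xda\x00\x02\xff\xd9"
```

A non-`None` result from `exif_thumbnail` on an image that has been cropped or redacted means the thumbnail should be reviewed or removed before the file is shared.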
Exploit prediction scoring system (EPSS) score for CVE-2005-0406
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 13 %
CVSS scores for CVE-2005-0406
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST |
CWE ids for CVE-2005-0406
- The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-0406
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt
  Exploit; Vendor Advisory
- http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html
  Full Disclosure: Advisory: JPEG EXIF information disclosure
  Mailing List; Third Party Advisory
Products affected by CVE-2005-0406
- cpe:2.3:a:image_processing_project:image_processing:-:*:*:*:*:*:*:*