CVE-2005-0406

Published: Feb 14, 2005Modified: Apr 16, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Affected (1)

Products: Image Processing Project: Image Processing

Image Processing Project

1 product

Image Processing

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Image Processing Project Image Processing	All versions

Related CWEs

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References (4)

http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt

Source: cve@mitre.org

ExploitVendor Advisory

http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.