CVE DATABASE / CVE-2005-0406
CVE-2005-0406
CVSS 5.5 · MEDIUM
Summary
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Image_processing_project image processing
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.