ID CVE-2005-4676
Summary Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
References
Vulnerable Configurations
  • cpe:2.3:a:andreas_huggel:exiv2:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:andreas_huggel:exiv2:0.8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 16400
confirm http://home.arcor.de/ahuggel/exiv2/changelog.html
misc http://dev.robotbattle.com/mantis/bug_view_advanced_page.php?bug_id=447
secunia 18619
vupen ADV-2006-0345
xf exiv2-iptc-metadata-dos(24349)
Last major update 20-07-2017 - 01:29
Published 31-12-2005 - 05:00