CVE-2005-0406 — Improper Removal of Sensitive Information Before Storage or Transfer in Imagemagick

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor CWE-669 — Incorrect Resource Transfer Between Spheres7 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 68.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Imagemagick

Timeline

PublishedFeb 14

Latest updateMay 1

Description

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶debiandebian/imagemagick

🔴Vulnerability Details

GHSA

GHSA-578w-c3rg-xx4q: A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information↗2022-05-01

▶

OSV

CVE-2005-0406: A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information↗2005-02-14

▶

📋Vendor Advisories

Debian

CVE-2005-0406: imagemagick - A design flaw in image processing software that modifies JPEG images might not m...↗2005

▶

📐Framework References

CWE

Exposure of Private Personal Information to an Unauthorized Actor↗

▶

CWE

Improper Removal of Sensitive Information Before Storage or Transfer↗

▶

CWE

Incorrect Resource Transfer Between Spheres↗

▶