Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4676 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exiv2

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

12.8%

top 5.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Exiv2 Debian Exiv2 Andreas Huggel Exiv2

Timeline

PublishedDec 31

Latest updateDec 15

Description

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDandreas_huggel/exiv28 versions+7

▶debiandebian/exiv2< exiv2 0.9 (bookworm)

▶Debianexiv2/exiv2< 0.9+3

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-r744-c99h-q8c4: Buffer overflow in Andreas Huggel Exiv2 before 0↗2022-05-01

▶

OSV

CVE-2005-4676: Buffer overflow in Andreas Huggel Exiv2 before 0↗2005-12-31

▶

💥Exploits & PoCs

Exploit-DB

Exiv2 - Corrupted EXIF Data Denial of Service↗2006-01-26

▶

📋Vendor Advisories

Debian

CVE-2005-4676: exiv2 - Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strin...↗2005

▶

📄Research Papers

arXiv

Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference↗2024-12-15

▶