CVE-2005-4676

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4676
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
andreas_huggel / exiv2	0.6.1	0.6.1.x
andreas_huggel / exiv2	0.6	0.6.x
andreas_huggel / exiv2	0.4	0.4.x
andreas_huggel / exiv2	0.8	0.8.x
andreas_huggel / exiv2	0.5	0.5.x
andreas_huggel / exiv2	0.3	0.3.x
andreas_huggel / exiv2	0.7	0.7.x
andreas_huggel / exiv2	0.6.2	0.6.2.x

http://dev.robotbattle.com/mantis/bug_view_advanced_page.php?bug_id=447
http://home.arcor.de/ahuggel/exiv2/changelog.html
http://secunia.com/advisories/18619
http://www.securityfocus.com/bid/16400
http://www.vupen.com/english/advisories/2006/0345
https://exchange.xforce.ibmcloud.com/vulnerabilities/24349

Vulnerability Database

289,697

CVE-2005-4676