Vulnerabilities > CVE-2005-4676 - Denial Of Service vulnerability in Exiv2 Corrupted EXIF Data

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
andreas-huggel
exploit available

Summary

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

Exploit-Db

descriptionExiv2 Corrupted EXIF Data Denial Of Service Vulnerability. CVE-2005-4676. Dos exploits for multiple platform
idEDB-ID:27140
last seen2016-02-03
modified2006-01-26
published2006-01-26
reporterMaciek Wierciski
sourcehttps://www.exploit-db.com/download/27140/
titleExiv2 - Corrupted EXIF Data Denial of Service Vulnerability