Search
Find a vulnerability
Search criteria
248 vulnerabilities found for exiv2 by Exiv2
CVE-2026-27631 (GCVE-0-2026-27631)
Vulnerability from nvd – Published: 2026-03-02 19:40 – Updated: 2026-03-02 20:28
VLAI
Title
Exiv2: Uncaught exception - cannot create std::vector larger than max_size()
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3513 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3514 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/659db316eef… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:27:04.449308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:28:01.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:40:45.351Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3513",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3513"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3514"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df"
}
],
"source": {
"advisory": "GHSA-p2pw-7935-c73j",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Uncaught exception - cannot create std::vector larger than max_size()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27631",
"datePublished": "2026-03-02T19:40:45.351Z",
"dateReserved": "2026-02-20T22:02:30.028Z",
"dateUpdated": "2026-03-02T20:28:01.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27596 (GCVE-0-2026-27596)
Vulnerability from nvd – Published: 2026-03-02 19:40 – Updated: 2026-03-02 20:25
VLAI
Title
Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3511 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3512 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/eaa9e21aabe… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:25:12.745500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:25:31.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:40:48.559Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3511",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3511"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3512",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3512"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4"
}
],
"source": {
"advisory": "GHSA-3wgv-fg4w-75x7",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27596",
"datePublished": "2026-03-02T19:40:48.559Z",
"dateReserved": "2026-02-20T19:43:14.601Z",
"dateUpdated": "2026-03-02T20:25:31.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25884 (GCVE-0-2026-25884)
Vulnerability from nvd – Published: 2026-03-02 19:41 – Updated: 2026-03-02 20:15
VLAI
Title
Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/3462 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/cbba4d20651… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:15:01.199664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:15:22.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:41:21.157Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3462",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3462"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d"
}
],
"source": {
"advisory": "GHSA-9mxq-4j5g-5wrp",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Out-of-bounds read in CrwMap::decode0x0805"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25884",
"datePublished": "2026-03-02T19:41:21.157Z",
"dateReserved": "2026-02-06T21:08:39.129Z",
"dateUpdated": "2026-03-02T20:15:22.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55304 (GCVE-0-2025-55304)
Vulnerability from nvd – Published: 2025-08-29 15:00 – Updated: 2025-08-29 15:27
VLAI
Title
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3333 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3335 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3345 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T15:26:15.679554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:27:17.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:00:05.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3333",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3333"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3335",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3335"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3345"
}
],
"source": {
"advisory": "GHSA-m54q-mm9w-fp6g",
"discovery": "UNKNOWN"
},
"title": "Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55304",
"datePublished": "2025-08-29T15:00:05.975Z",
"dateReserved": "2025-08-12T16:15:30.238Z",
"dateUpdated": "2025-08-29T15:27:17.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54080 (GCVE-0-2025-54080)
Vulnerability from nvd – Published: 2025-08-29 14:50 – Updated: 2025-08-29 14:58
VLAI
Title
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/commit/e7373324277… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T14:58:11.442776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T14:58:23.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T14:50:17.623Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0"
}
],
"source": {
"advisory": "GHSA-496f-x7cq-cq39",
"discovery": "UNKNOWN"
},
"title": "Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54080",
"datePublished": "2025-08-29T14:50:17.623Z",
"dateReserved": "2025-07-16T13:22:18.207Z",
"dateUpdated": "2025-08-29T14:58:23.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26623 (GCVE-0-2025-26623)
Vulnerability from nvd – Published: 2025-02-18 19:24 – Updated: 2025-02-19 15:15
VLAI
Title
Use After Free in Exiv2
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3168 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26623",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T14:53:08.072267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:15:44.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:24:31.701Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3168"
}
],
"source": {
"advisory": "GHSA-38h4-fx85-qcx7",
"discovery": "UNKNOWN"
},
"title": "Use After Free in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-26623",
"datePublished": "2025-02-18T19:24:31.701Z",
"dateReserved": "2025-02-12T14:51:02.719Z",
"dateUpdated": "2025-02-19T15:15:44.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39695 (GCVE-0-2024-39695)
Vulnerability from nvd – Published: 2024-07-08 15:14 – Updated: 2024-08-02 04:26
VLAI
Title
Exiv2 has an out-of-bounds read in AsfVideo::streamProperties
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/3006 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/3a28346db5a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:exiv2:exiv2:0.28.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "exiv2",
"vendor": "exiv2",
"versions": [
{
"lessThan": "0.28.3",
"status": "affected",
"version": "0.28.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T20:00:33.240459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T20:01:52.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/3006"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:14:27.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3006",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3006"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387"
}
],
"source": {
"advisory": "GHSA-38rv-8x93-pvrh",
"discovery": "UNKNOWN"
},
"title": "Exiv2 has an out-of-bounds read in AsfVideo::streamProperties"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39695",
"datePublished": "2024-07-08T15:14:27.639Z",
"dateReserved": "2024-06-27T18:44:13.037Z",
"dateUpdated": "2024-08-02T04:26:15.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25112 (GCVE-0-2024-25112)
Vulnerability from nvd – Published: 2024-02-12 22:11 – Updated: 2024-08-01 23:36
VLAI
Title
Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/2337 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T20:18:13.889013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:36.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0 \u003c 0.28.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T22:11:13.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"source": {
"advisory": "GHSA-crmj-qh74-2r36",
"discovery": "UNKNOWN"
},
"title": "Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25112",
"datePublished": "2024-02-12T22:11:13.693Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2024-08-01T23:36:21.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24826 (GCVE-0-2024-24826)
Vulnerability from nvd – Published: 2024-02-12 22:17 – Updated: 2024-08-01 23:28
VLAI
Title
Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/2337 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:27:39.849149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:27:48.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T22:17:27.997Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"source": {
"advisory": "GHSA-g9xm-7538-mq8w",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24826",
"datePublished": "2024-02-12T22:17:27.997Z",
"dateReserved": "2024-01-31T16:28:17.945Z",
"dateUpdated": "2024-08-01T23:28:12.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44398 (GCVE-0-2023-44398)
Vulnerability from nvd – Published: 2023-11-06 17:30 – Updated: 2025-02-26 21:15
VLAI
Title
Out-of-bounds write in exiv2
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/commit/e884a095535… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202312-06 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:32.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:14:54.618844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T21:15:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "= 0.28.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:49.495Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5"
},
{
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"source": {
"advisory": "GHSA-hrw9-ggg3-3r4r",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds write in exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44398",
"datePublished": "2023-11-06T17:30:54.394Z",
"dateReserved": "2023-09-28T17:56:32.614Z",
"dateUpdated": "2025-02-26T21:15:17.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18831 (GCVE-0-2020-18831)
Vulnerability from nvd – Published: 2023-08-22 00:00 – Updated: 2024-10-04 16:32
VLAI
Summary
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/828"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exiv2.org/download.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T16:32:06.177692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:32:24.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:12.109Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/828"
},
{
"url": "https://www.exiv2.org/download.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18831",
"datePublished": "2023-08-22T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-04T16:32:24.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18774 (GCVE-0-2020-18774)
Vulnerability from nvd – Published: 2021-08-23 00:00 – Updated: 2024-08-04 14:08
VLAI
Summary
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/issues/759 | |
| https://security.gentoo.org/glsa/202312-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/759"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:56.805Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/759"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18774",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18773 (GCVE-0-2020-18773)
Vulnerability from nvd – Published: 2021-08-23 00:00 – Updated: 2024-08-04 14:08
VLAI
Summary
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/issues/760 | |
| https://security.gentoo.org/glsa/202312-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/760"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:37.313Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/760"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18773",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18771 (GCVE-0-2020-18771)
Vulnerability from nvd – Published: 2021-08-23 00:00 – Updated: 2024-11-18 21:43
VLAI
Summary
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/756"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T19:32:41.680250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T21:43:21.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:40.541Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/756"
},
{
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18771",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-11-18T21:43:21.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18899 (GCVE-0-2020-18899)
Vulnerability from nvd – Published: 2021-08-19 00:00 – Updated: 2024-10-15 15:11
VLAI
Summary
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/742"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/789.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-18899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T20:38:19.037316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T15:11:22.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:35.899Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/742"
},
{
"url": "https://cwe.mitre.org/data/definitions/789.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18899",
"datePublished": "2021-08-19T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-15T15:11:22.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18898 (GCVE-0-2020-18898)
Vulnerability from nvd – Published: 2021-08-19 21:20 – Updated: 2024-08-04 14:08
VLAI
Summary
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/issues/741 | x_refsource_MISC |
| https://cwe.mitre.org/data/definitions/674.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:16:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/741",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/741"
},
{
"name": "https://cwe.mitre.org/data/definitions/674.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/674.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18898",
"datePublished": "2021-08-19T21:20:36.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-25884 (GCVE-0-2026-25884)
Vulnerability from cvelistv5 – Published: 2026-03-02 19:41 – Updated: 2026-03-02 20:15
VLAI
Title
Exiv2: Out-of-bounds read in CrwMap::decode0x0805
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/3462 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/cbba4d20651… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:15:01.199664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:15:22.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:41:21.157Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3462",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3462"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d"
}
],
"source": {
"advisory": "GHSA-9mxq-4j5g-5wrp",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Out-of-bounds read in CrwMap::decode0x0805"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25884",
"datePublished": "2026-03-02T19:41:21.157Z",
"dateReserved": "2026-02-06T21:08:39.129Z",
"dateUpdated": "2026-03-02T20:15:22.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27596 (GCVE-0-2026-27596)
Vulnerability from cvelistv5 – Published: 2026-03-02 19:40 – Updated: 2026-03-02 20:25
VLAI
Title
Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3511 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3512 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/eaa9e21aabe… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:25:12.745500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:25:31.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:40:48.559Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3511",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3511"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3512",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3512"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4"
}
],
"source": {
"advisory": "GHSA-3wgv-fg4w-75x7",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27596",
"datePublished": "2026-03-02T19:40:48.559Z",
"dateReserved": "2026-02-20T19:43:14.601Z",
"dateUpdated": "2026-03-02T20:25:31.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27631 (GCVE-0-2026-27631)
Vulnerability from cvelistv5 – Published: 2026-03-02 19:40 – Updated: 2026-03-02 20:28
VLAI
Title
Exiv2: Uncaught exception - cannot create std::vector larger than max_size()
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3513 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3514 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/659db316eef… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:27:04.449308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:28:01.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:40:45.351Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3513",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3513"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3514"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df"
}
],
"source": {
"advisory": "GHSA-p2pw-7935-c73j",
"discovery": "UNKNOWN"
},
"title": "Exiv2: Uncaught exception - cannot create std::vector larger than max_size()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27631",
"datePublished": "2026-03-02T19:40:45.351Z",
"dateReserved": "2026-02-20T22:02:30.028Z",
"dateUpdated": "2026-03-02T20:28:01.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55304 (GCVE-0-2025-55304)
Vulnerability from cvelistv5 – Published: 2025-08-29 15:00 – Updated: 2025-08-29 15:27
VLAI
Title
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3333 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3335 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/pull/3345 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T15:26:15.679554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:27:17.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:00:05.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3333",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3333"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3335",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3335"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3345"
}
],
"source": {
"advisory": "GHSA-m54q-mm9w-fp6g",
"discovery": "UNKNOWN"
},
"title": "Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55304",
"datePublished": "2025-08-29T15:00:05.975Z",
"dateReserved": "2025-08-12T16:15:30.238Z",
"dateUpdated": "2025-08-29T15:27:17.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54080 (GCVE-0-2025-54080)
Vulnerability from cvelistv5 – Published: 2025-08-29 14:50 – Updated: 2025-08-29 14:58
VLAI
Title
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/commit/e7373324277… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T14:58:11.442776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T14:58:23.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003c 0.28.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T14:50:17.623Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0"
}
],
"source": {
"advisory": "GHSA-496f-x7cq-cq39",
"discovery": "UNKNOWN"
},
"title": "Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54080",
"datePublished": "2025-08-29T14:50:17.623Z",
"dateReserved": "2025-07-16T13:22:18.207Z",
"dateUpdated": "2025-08-29T14:58:23.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26623 (GCVE-0-2025-26623)
Vulnerability from cvelistv5 – Published: 2025-02-18 19:24 – Updated: 2025-02-19 15:15
VLAI
Title
Use After Free in Exiv2
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/issues/3168 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26623",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T14:53:08.072267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:15:44.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:24:31.701Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/3168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/issues/3168"
}
],
"source": {
"advisory": "GHSA-38h4-fx85-qcx7",
"discovery": "UNKNOWN"
},
"title": "Use After Free in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-26623",
"datePublished": "2025-02-18T19:24:31.701Z",
"dateReserved": "2025-02-12T14:51:02.719Z",
"dateUpdated": "2025-02-19T15:15:44.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39695 (GCVE-0-2024-39695)
Vulnerability from cvelistv5 – Published: 2024-07-08 15:14 – Updated: 2024-08-02 04:26
VLAI
Title
Exiv2 has an out-of-bounds read in AsfVideo::streamProperties
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/3006 | x_refsource_MISC |
| https://github.com/Exiv2/exiv2/commit/3a28346db5a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:exiv2:exiv2:0.28.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "exiv2",
"vendor": "exiv2",
"versions": [
{
"lessThan": "0.28.3",
"status": "affected",
"version": "0.28.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T20:00:33.240459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T20:01:52.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/3006"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:14:27.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/3006",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/3006"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387"
}
],
"source": {
"advisory": "GHSA-38rv-8x93-pvrh",
"discovery": "UNKNOWN"
},
"title": "Exiv2 has an out-of-bounds read in AsfVideo::streamProperties"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39695",
"datePublished": "2024-07-08T15:14:27.639Z",
"dateReserved": "2024-06-27T18:44:13.037Z",
"dateUpdated": "2024-08-02T04:26:15.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24826 (GCVE-0-2024-24826)
Vulnerability from cvelistv5 – Published: 2024-02-12 22:17 – Updated: 2024-08-01 23:28
VLAI
Title
Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/2337 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:27:39.849149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:27:48.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.28.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T22:17:27.997Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"source": {
"advisory": "GHSA-g9xm-7538-mq8w",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24826",
"datePublished": "2024-02-12T22:17:27.997Z",
"dateReserved": "2024-01-31T16:28:17.945Z",
"dateUpdated": "2024-08-01T23:28:12.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25112 (GCVE-0-2024-25112)
Vulnerability from cvelistv5 – Published: 2024-02-12 22:11 – Updated: 2024-08-01 23:36
VLAI
Title
Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
Summary
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/pull/2337 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T20:18:13.889013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:36.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.28.0 \u003c 0.28.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T22:11:13.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/2337",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/pull/2337"
}
],
"source": {
"advisory": "GHSA-crmj-qh74-2r36",
"discovery": "UNKNOWN"
},
"title": "Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25112",
"datePublished": "2024-02-12T22:11:13.693Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2024-08-01T23:36:21.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44398 (GCVE-0-2023-44398)
Vulnerability from cvelistv5 – Published: 2023-11-06 17:30 – Updated: 2025-02-26 21:15
VLAI
Title
Out-of-bounds write in exiv2
Summary
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Exiv2/exiv2/commit/e884a095535… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202312-06 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:32.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:14:54.618844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T21:15:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "exiv2",
"vendor": "Exiv2",
"versions": [
{
"status": "affected",
"version": "= 0.28.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:49.495Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r"
},
{
"name": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5"
},
{
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"source": {
"advisory": "GHSA-hrw9-ggg3-3r4r",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds write in exiv2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44398",
"datePublished": "2023-11-06T17:30:54.394Z",
"dateReserved": "2023-09-28T17:56:32.614Z",
"dateUpdated": "2025-02-26T21:15:17.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18831 (GCVE-0-2020-18831)
Vulnerability from cvelistv5 – Published: 2023-08-22 00:00 – Updated: 2024-10-04 16:32
VLAI
Summary
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/828"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exiv2.org/download.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T16:32:06.177692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:32:24.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:12.109Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/828"
},
{
"url": "https://www.exiv2.org/download.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18831",
"datePublished": "2023-08-22T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-04T16:32:24.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18773 (GCVE-0-2020-18773)
Vulnerability from cvelistv5 – Published: 2021-08-23 00:00 – Updated: 2024-08-04 14:08
VLAI
Summary
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/issues/760 | |
| https://security.gentoo.org/glsa/202312-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/760"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:37.313Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/760"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18773",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18774 (GCVE-0-2020-18774)
Vulnerability from cvelistv5 – Published: 2021-08-23 00:00 – Updated: 2024-08-04 14:08
VLAI
Summary
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Exiv2/exiv2/issues/759 | |
| https://security.gentoo.org/glsa/202312-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/759"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:56.805Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/759"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18774",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18771 (GCVE-0-2020-18771)
Vulnerability from cvelistv5 – Published: 2021-08-23 00:00 – Updated: 2024-11-18 21:43
VLAI
Summary
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Exiv2/exiv2/issues/756"
},
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-18771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T19:32:41.680250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T21:43:21.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T10:06:40.541Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Exiv2/exiv2/issues/756"
},
{
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html"
},
{
"name": "GLSA-202312-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18771",
"datePublished": "2021-08-23T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-11-18T21:43:21.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}