AZL-78624 CVE-2026-27596 affecting package exiv2 0.28.0-1

🗓️ 02 Mar 2026 20:16:27Reported by GoogleType

osv

osv🔗 osv.dev

Out-of-bounds read in the preview component when an extra argument is used; fixed in version 0.28.8.

Reporter	Title	Published	Views	Family All 57
ATTACKERKB	CVE-2026-27596	2 Mar 202619:40	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : exiv2, exiv2-devel, exiv2-libs (ALAS2023-2026-1480)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : exiv2, --advisory ALAS2-2026-3201 (ALAS-2026-3201)	19 Mar 202600:00	–	nessus
Tenable Nessus	Exiv2 0.28.7 Multiple Vulnerabilities	6 Mar 202600:00	–	nessus
Tenable Nessus	Fedora 42 : mingw-exiv2 (2026-592e4238fa)	12 Apr 202600:00	–	nessus
Tenable Nessus	Fedora 43 : mingw-exiv2 (2026-5eb6f779c0)	12 Apr 202600:00	–	nessus
Tenable Nessus	Fedora 44 : mingw-exiv2 (2026-7f4c2d1a4e)	28 Apr 202600:00	–	nessus
Tenable Nessus	GLSA-202603-01 : Exiv2: Multiple Vulnerabilities	9 Mar 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : exiv2 (openSUSE-SU-2026:20410-1)	29 Mar 202600:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Exiv2 vulnerabilities (USN-8103-1)	19 Mar 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-27596

21 Apr 2026 04:34Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.17.5

CVSS 46.9

EPSS0.00061

SSVC

image metadata library out of bounds read preview component extra argument security vulnerability patched version