16 matches found
EUVD-2026-30838
ExifReader is vulnerable to denial of service via crafted ICC mluc tag...
GHSA-H64W-W9PR-82M4 ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
Impact: When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType (`mluc`) tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Impact: Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API (e.g. `ExifReader.load(file)` or `ExifReader.load(buffer, {async: true})`) on an attacker-supplied image, a small compressed chunk in the file can expand ...
GHSA-RR89-W3H9-M66J ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Impact: Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API (e.g. `ExifReader.load(file)` or `ExifReader.load(buffer, {async: true})`) on an attacker-supplied image, a small compressed chunk in the file can expand ...
CVE-2026-8814
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...
CVE-2026-8814
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...
CVE-2026-8814
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...
CVE-2026-8814
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
PT-2026-41831
Name of the Vulnerable Software and Affected Versions: exifreader versions prior to 4.39.0. Description: A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same...
ExifReader Security Vulnerability
ExifReader is an image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...
279map-backend-common (>=0.1.2 <=0.33.1), @112dev/phunt-cli (>=1.0.0-beta.0 <=1.0.0-beta.2) +102 more potentially affected by CVE-2026-8814 via exifreader (>=4.13.2 <=4.38.1)
exifreader NPM version =4.13.2, =0.1.2, =1.0.0-beta.0, =1.0.0-beta.0, =0.0.5, =0.1.0, =1.0.1, =0.1.0, =0.10.0, =1.18.1, =1.0.2, =2.0.0, =0.1.0, =0.1.0-rc2 and more Source cves: CVE-2026-8814 Source advisory: SNYK:JS-EXIFREADER-16689340...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: exifreader is a library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When...
279map-backend-common (>=0.1.2 <=0.33.1), @112dev/phunt-cli (>=1.0.0-beta.0 <=1.0.0-beta.2) +102 more potentially affected by CVE-2026-8813 via exifreader (>=4.13.2 <=4.38.1)
exifreader NPM version =4.13.2, =0.1.2, =1.0.0-beta.0, =1.0.0-beta.0, =0.0.5, =0.1.0, =1.0.1, =0.1.0, =0.10.0, =1.18.1, =1.0.2, =2.0.0, =0.1.0, =0.1.0-rc2 and more Source cves: CVE-2026-8813 Source advisory: SNYK:JS-EXIFREADER-16689335...
Improper Validation of Specified Quantity in Input
Overview: exifreader is a library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size...