CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

PT-2026-41831

Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0 Description A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same...

279map-backend-common (>=0.1.2 <=0.33.1), @112dev/phunt-cli (>=1.0.0-beta.0 <=1.0.0-beta.2) +102 more potentially affected by CVE-2026-8814 via exifreader (>=4.13.2 <=4.38.1)

exifreader NPM version =4.13.2, =0.1.2, =1.0.0-beta.0, =1.0.0-beta.0, =0.0.5, =0.1.0, =1.0.1, =0.1.0, =0.10.0, =1.18.1, =1.0.2, =2.0.0, =0.1.0, =0.1.0-rc2 and more Source cves: CVE-2026-8814 Source advisory: SNYK:JS-EXIFREADER-16689340...

279map-backend-common (>=0.1.2 <=0.33.1), @112dev/phunt-cli (>=1.0.0-beta.0 <=1.0.0-beta.2) +102 more potentially affected by CVE-2026-8813 via exifreader (>=4.13.2 <=4.38.1)

exifreader NPM version =4.13.2, =0.1.2, =1.0.0-beta.0, =1.0.0-beta.0, =0.0.5, =0.1.0, =1.0.1, =0.1.0, =0.10.0, =1.18.1, =1.0.2, =2.0.0, =0.1.0, =0.1.0-rc2 and more Source cves: CVE-2026-8813 Source advisory: SNYK:JS-EXIFREADER-16689335...