@activeboxes/piece-image-helper (=0.1.0), @activepieces/piece-image-helper (>=0.0.5 <=0.1.12) +65 more potentially affected by CVE-2026-8813 via exifreader (>=2.13.1 <=4.38.1)

exifreader NPM version =2.13.1, =0.0.5, =0.1.0, =1.8.0, =1.0.2, =1.1.17, =1.0.6, =0.0.17, =4.10.0, =4.10.2 - @juhasztibi/browser-image-resizer =2.2.1 and more Source cves: CVE-2026-8813 Source advisory: OSV:GHSA-H64W-W9PR-82M4...

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

PT-2026-41831

Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0 Description A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same...

@activeboxes/piece-image-helper (=0.1.0), @activepieces/piece-image-helper (>=0.0.5 <=0.1.12) +21 more potentially affected by CVE-2026-8814 via exifreader (>=4.13.2 <=4.38.1)

exifreader NPM version =4.13.2, =0.0.5, =0.1.0, =1.18.1, =1.0.2, =1.0.6, =4.10.0, =1.0.0-beta.141, =0.1.9, =0.0.8, =10.0.8 and more Source cves: CVE-2026-8814 Source advisory: SNYK:JS-EXIFREADER-16689340...

@activeboxes/piece-image-helper (=0.1.0), @activepieces/piece-image-helper (>=0.0.5 <=0.1.12) +21 more potentially affected by CVE-2026-8813 via exifreader (>=4.13.2 <=4.38.1)

exifreader NPM version =4.13.2, =0.0.5, =0.1.0, =1.18.1, =1.0.2, =1.0.6, =4.10.0, =1.0.0-beta.141, =0.1.9, =0.0.8, =10.0.8 and more Source cves: CVE-2026-8813 Source advisory: SNYK:JS-EXIFREADER-16689335...