RLSA-2026:20929 Moderate: libexif security update

The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of Service and information disclosure via integer...

Amazon Linux 2 : exiv2, --advisory ALAS2-2026-3201 (ALAS-2026-3201)

The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3201 advisory. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata...

AZL-78624 CVE-2026-27596 affecting package exiv2 0.28.0-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

UBUNTU-CVE-2026-27596

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

EUVD-2026-9262

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

CVE-2026-27596

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

CVE-2026-27631

CVE-2026-27631 affects the Exiv2 library/editor. The vulnerability resides in the preview component and is triggered when Exiv2 is run with an extra command line argument (e.g., -pp). An integer overflow can cause code to attempt to create a huge std::vector, leading to a crash via an uncaught ex...

Exiv2 缓冲区错误漏洞

Exiv2 is a C++ library and command-line application developed by Andreas Huggel, designed for managing image metadata. This product provides functionality for reading and writing image metadata in various formats such as EXIF, IPTC, and XMP. Versions of Exiv2 prior to 0.28.8 contained a buffer...

OESA-2025-2117 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: A vulnerability, which was classifie...

UBUNTU-CVE-2025-55304

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time...

ALSA-2025:7457 Moderate: exiv2 security update

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fixes: exiv2: Use After Free in Exiv...

CVE-2025-32025 bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably...

SUSE CVE-2025-26623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...

UBUNTU-CVE-2025-26623

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...

Exiv2 Security Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A security vulnerability exists in Exiv2...

The vulnerability of the jpgimage.cpp component in the Exiv2 media metadata management library allows a attacker to cause a service failure.

The vulnerability of the jpgimage.cpp component in the Exiv2 media metadata management library is related to reading data beyond the permissible buffer size. Exploiting this vulnerability could allow a malicious actor to cause service failure by using a specially created JPEG image...

The vulnerability in the `QuickTimeVideo::decodeBlock` function of the `quicktimevideo.cpp` file in the library and command-line utilities for managing image metadata from Exiv2 allows a attacker to perform a denial-of-service attack.

The vulnerability in the QuickTimeVideo::decodeBlock function of the quicktimevideo.cpp file in the library and command-line utilities for managing image metadata in Exiv2 is related to pointer aliasing errors. Exploiting this vulnerability could allow an attacker to trigger a denial-of-service...

The vulnerability of the `Exiv2::Internal::Nikon1MakerNote::print0x0088` function in the `nikonmn_int.cpp` component of the Exiv2 metadata management library allows a perpetrator to access confidential data and also trigger a service failure.

The vulnerability of the Exiv2::Internal::Nikon1MakerNote::print0x0088 function in the nikonmnint.cpp component of the Exiv2 metadata management library is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to access confidential data and also...

Exiv2 缓冲区错误漏洞

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An out-of-bounds read vulnerability exists in Exiv2 0.27.3 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service via specially crafted image files...

DEBIAN-CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions...