9 matches found
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
EUVD-2026-30838
ExifReader is vulnerable to denial of service via crafted ICC mluc tag...
GHSA-H64W-W9PR-82M4 ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
Impact When parsing an image with an embedded ICC profile that contains a crafted multiLocalizedUnicodeType mluc tag, ExifReader can be made to allocate memory proportional to attacker-controlled fields in the tag rather than to the actual size of the input. Processing such an image causes...
CVE-2026-8813
CVE-2026-8813 affects exifreader before 4.39.0. A crafted ICC profile mluc tag allows an attacker-controlled record count with a zero record size, causing the parser to repeatedly process the same records and grow memory usage, leading to DoS. Proof-of-concept in SNYK shows a large loop with mluc...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
PT-2026-41831
Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0 Description A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same...
Improper Validation of Specified Quantity in Input
Overview exifreader is a Library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size...
Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color profiles. When parsing a...