
27 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017634 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2...

CVSS 6.5 | AI score 6.6 | EPSS 0.00178
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/04 6:30 p.m. | 6 views

Apache Polaris has an Improper Input Validation issue

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVSS 9.9 | AI score 5.9 | EPSS 0.00119
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2026/05/04 5:26 p.m. | 4 views

Incorrect Authorization

Overview: org.apache.polaris:polaris-runtime-service is a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure. Affected versions of this...

CVSS 9.9 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 2

NVD
added 2026/05/04 5:16 p.m. | 4 views

CVE-2026-42812

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVSS 9.9 | EPSS 0.00119
Exploits: 0 | References: 2

Cvelist
added 2026/05/04 4:22 p.m. | 26 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

CVSS 9.9 | EPSS 0.00095
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/04 4:19 p.m. | 1 views

CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

CVSS 9.9 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/02 12:0 a.m. | 4 views

PT-2026-36670

Name of the Vulnerable Software and Affected Versions: Apache Polaris version 1.4.0. Description: Apache Polaris fails to properly escape namespace and table identifiers when constructing Common Expression Language (CEL) strings for Google Cloud Storage (GCS) Credential Access Boundaries (CAB). This allow...

CVSS 9.9 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 13

Positive Technologies
added 2026/05/02 12:0 a.m. | 2 views

PT-2026-36671

Name of the Vulnerable Software and Affected Versions: Apache Polaris versions prior to 1.4.1. Description: Changing the write.metadata.path table property via an ALTER TABLE settings change allows a user to bypass the commit-time branch intended to revalidate storage locations. This defect enables...

CVSS 9.9 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 12

Snyk
added 2026/04/30 5:27 p.m. | 1 views

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the WriteMetadata process. An attacker can manipulate files, create or overwrite arbitrary files, and establish symlinks or hard links by injecting specially crafted metadata values containing newline...

CVSS 10 | AI score 5.9 | EPSS 0.00024
Exploits: 1 | References: 2

Amazon
added 2025/12/08 12:0 a.m. | 1 views

Medium: exiv2

Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 1 views

Medium: exiv2

Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...

CVSS 5.5 | AI score 6.6 | EPSS 0.00024
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-26207

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.2 | EPSS 0.00024
Exploits: 0 | References: 3

Tenable Nessus
added 2025/09/05 12:0 a.m. | 3 views

FreeBSD : exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata() (84a77710-8958-11f0-b6e5-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 84a77710-8958-11f0-b6e5-4ccc6adda413 advisory. Kevin Backhouse reports: An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 i...

CVSS 5.5 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

Cvelist
added 2025/08/29 2:50 p.m. | 5 views

CVE-2025-54080 Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

CVSS 1.8 | EPSS 0.00024
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/29 2:50 p.m. | 2 views

CVE-2025-54080 Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

CVSS 1.8 | AI score 6.1 | EPSS 0.00024
Exploits: 0 | References: 2

CVE
added 2025/08/29 2:50 p.m. | 17 views

CVE-2025-54080

CVE-2025-54080 (Exiv2) is an out-of-bounds read vulnerability in Exiv2 up to version 0.28.5 that is triggered when writing metadata to a crafted image. The issue can cause a denial of service by crashing Exiv2, when a user runs the tool on a manipulated image file. The root cause is an out-of-bou...

CVSS 5.5 | AI score 6.1 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/08/29 2:49 p.m. | 1 views

GHSA-496F-X7CQ-CQ39 Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

Impact: An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image...

CVSS 1.8 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 4

OSV
added 2025/02/28 3:32 p.m. | 2 views

OESA-2025-1198 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: Exiv2 is a C++ library and a...

CVSS 9.8 | AI score 7.5 | EPSS 0.01101
Exploits: 1 | References: 2

Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-35220

Name of the Vulnerable Software and Affected Versions: Exiv2 versions 0.28.5 and earlier. Description: Exiv2 is a C++ library and command-line utility used for reading, writing, deleting, and modifying image metadata (Exif, IPTC, XMP, and ICC). An out-of-bounds read vulnerability exists when Exiv2...

CVSS 9.8 | AI score 5.8 | EPSS 0.01101
Exploits: 5 | References: 66

SUSE CVE
added 2023/02/15 3:43 a.m. | 2 views

SUSE CVE-2021-29457

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...

CVSS 7.8 | AI score 9.7 | EPSS 0.01509
Exploits: 1 | References: 5