CVE-2026-25884
EUVD-2026-925902.03.2026, 20:16
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| exiv2 | exiv2 | 𝑥 < 0.28.8 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libexiv2-26 |
| ||||||||
| libexiv2-27 |
| ||||||||
| libexiv2-devel |
| ||||||||
| libexiv2-xmp-static |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| exiv2 |
| ||||
| exiv2-debuginfo |
| ||||
| exiv2-debugsource |
| ||||
| exiv2-devel |
| ||||
| exiv2-doc |
| ||||
| exiv2-libs |
| ||||
| exiv2-libs-debuginfo |
|
Common Weakness Enumeration