CVE-2026-27596
EUVD-2026-926202.03.2026, 20:16
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| exiv2 | exiv2 | 𝑥 < 0.28.8 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libexiv2-26 |
| ||||||||
| libexiv2-27 |
| ||||||||
| libexiv2-devel |
| ||||||||
| libexiv2-xmp-static |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| exiv2 |
| ||||
| exiv2-debuginfo |
| ||||
| exiv2-debugsource |
| ||||
| exiv2-devel |
| ||||
| exiv2-doc |
| ||||
| exiv2-libs |
| ||||
| exiv2-libs-debuginfo |
|
Common Weakness Enumeration