CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26623 – Use After Free in Exiv2
https://notcve.org/view.php?id=CVE-2025-26623
18 Feb 2025 — Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. • https://github.com/Exiv2/exiv2/issues/3168 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39695 – Exiv2 has an out-of-bounds read in AsfVideo::streamProperties
https://notcve.org/view.php?id=CVE-2024-39695
08 Jul 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3. • https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24826 – Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
https://notcve.org/view.php?id=CVE-2024-24826
12 Feb 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. • https://github.com/Exiv2/exiv2/pull/2337 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25112 – Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
https://notcve.org/view.php?id=CVE-2024-25112
12 Feb 2024 — Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in v... • https://github.com/Exiv2/exiv2/pull/2337 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44398 – Out-of-bounds write in exiv2
https://notcve.org/view.php?id=CVE-2023-44398
06 Nov 2023 — Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the v... • https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5 • CWE-787: Out-of-bounds Write •