Vulnerability Details CVE-2025-55304
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.0%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2025-55304
-
cpe:2.3:a:exiv2:exiv2:-
-
cpe:2.3:a:exiv2:exiv2:0.10
-
cpe:2.3:a:exiv2:exiv2:0.11
-
cpe:2.3:a:exiv2:exiv2:0.12
-
cpe:2.3:a:exiv2:exiv2:0.13
-
cpe:2.3:a:exiv2:exiv2:0.14
-
cpe:2.3:a:exiv2:exiv2:0.15
-
cpe:2.3:a:exiv2:exiv2:0.16
-
cpe:2.3:a:exiv2:exiv2:0.17
-
cpe:2.3:a:exiv2:exiv2:0.17.1
-
cpe:2.3:a:exiv2:exiv2:0.18
-
cpe:2.3:a:exiv2:exiv2:0.18.1
-
cpe:2.3:a:exiv2:exiv2:0.18.2
-
cpe:2.3:a:exiv2:exiv2:0.19
-
cpe:2.3:a:exiv2:exiv2:0.20
-
cpe:2.3:a:exiv2:exiv2:0.21
-
cpe:2.3:a:exiv2:exiv2:0.21.1
-
cpe:2.3:a:exiv2:exiv2:0.22
-
cpe:2.3:a:exiv2:exiv2:0.23
-
cpe:2.3:a:exiv2:exiv2:0.24
-
cpe:2.3:a:exiv2:exiv2:0.25
-
cpe:2.3:a:exiv2:exiv2:0.26
-
cpe:2.3:a:exiv2:exiv2:0.27
-
cpe:2.3:a:exiv2:exiv2:0.27.1
-
cpe:2.3:a:exiv2:exiv2:0.27.2
-
cpe:2.3:a:exiv2:exiv2:0.27.3
-
cpe:2.3:a:exiv2:exiv2:0.27.4
-
cpe:2.3:a:exiv2:exiv2:0.27.99.0
-
cpe:2.3:a:exiv2:exiv2:0.28.0
-
cpe:2.3:a:exiv2:exiv2:0.28.1
-
cpe:2.3:a:exiv2:exiv2:0.28.2
-
cpe:2.3:a:exiv2:exiv2:0.28.3
-
cpe:2.3:a:exiv2:exiv2:0.28.4
-
cpe:2.3:a:exiv2:exiv2:0.28.5
-
cpe:2.3:a:exiv2:exiv2:0.3
-
cpe:2.3:a:exiv2:exiv2:0.4
-
cpe:2.3:a:exiv2:exiv2:0.5
-
cpe:2.3:a:exiv2:exiv2:0.6
-
cpe:2.3:a:exiv2:exiv2:0.6.1
-
cpe:2.3:a:exiv2:exiv2:0.6.2
-
cpe:2.3:a:exiv2:exiv2:0.7
-
cpe:2.3:a:exiv2:exiv2:0.8
-
cpe:2.3:a:exiv2:exiv2:0.9
-
cpe:2.3:a:exiv2:exiv2:0.9.1