Vulnerability Details CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.9%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2026-25884
-
cpe:2.3:a:exiv2:exiv2:-
-
cpe:2.3:a:exiv2:exiv2:0.10
-
cpe:2.3:a:exiv2:exiv2:0.11
-
cpe:2.3:a:exiv2:exiv2:0.12
-
cpe:2.3:a:exiv2:exiv2:0.13
-
cpe:2.3:a:exiv2:exiv2:0.14
-
cpe:2.3:a:exiv2:exiv2:0.15
-
cpe:2.3:a:exiv2:exiv2:0.16
-
cpe:2.3:a:exiv2:exiv2:0.17
-
cpe:2.3:a:exiv2:exiv2:0.17.1
-
cpe:2.3:a:exiv2:exiv2:0.18
-
cpe:2.3:a:exiv2:exiv2:0.18.1
-
cpe:2.3:a:exiv2:exiv2:0.18.2
-
cpe:2.3:a:exiv2:exiv2:0.19
-
cpe:2.3:a:exiv2:exiv2:0.20
-
cpe:2.3:a:exiv2:exiv2:0.21
-
cpe:2.3:a:exiv2:exiv2:0.21.1
-
cpe:2.3:a:exiv2:exiv2:0.22
-
cpe:2.3:a:exiv2:exiv2:0.23
-
cpe:2.3:a:exiv2:exiv2:0.24
-
cpe:2.3:a:exiv2:exiv2:0.25
-
cpe:2.3:a:exiv2:exiv2:0.26
-
cpe:2.3:a:exiv2:exiv2:0.27
-
cpe:2.3:a:exiv2:exiv2:0.27.1
-
cpe:2.3:a:exiv2:exiv2:0.27.2
-
cpe:2.3:a:exiv2:exiv2:0.27.3
-
cpe:2.3:a:exiv2:exiv2:0.27.4
-
cpe:2.3:a:exiv2:exiv2:0.27.99.0
-
cpe:2.3:a:exiv2:exiv2:0.28.0
-
cpe:2.3:a:exiv2:exiv2:0.28.1
-
cpe:2.3:a:exiv2:exiv2:0.28.2
-
cpe:2.3:a:exiv2:exiv2:0.28.3
-
cpe:2.3:a:exiv2:exiv2:0.28.4
-
cpe:2.3:a:exiv2:exiv2:0.28.5
-
cpe:2.3:a:exiv2:exiv2:0.28.6
-
cpe:2.3:a:exiv2:exiv2:0.28.7
-
cpe:2.3:a:exiv2:exiv2:0.3
-
cpe:2.3:a:exiv2:exiv2:0.4
-
cpe:2.3:a:exiv2:exiv2:0.5
-
cpe:2.3:a:exiv2:exiv2:0.6
-
cpe:2.3:a:exiv2:exiv2:0.6.1
-
cpe:2.3:a:exiv2:exiv2:0.6.2
-
cpe:2.3:a:exiv2:exiv2:0.7
-
cpe:2.3:a:exiv2:exiv2:0.8
-
cpe:2.3:a:exiv2:exiv2:0.9
-
cpe:2.3:a:exiv2:exiv2:0.9.1