Shodan
Vulnerabilities
Vulnerable Software
Exiv2:  >> Exiv2  >> 0.27.99.0  Security Vulnerabilities
CVE-2025-54080
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-29
CVE-2025-55304
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-29
CVE-2020-18773
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-23
CVE-2020-18774
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-23
CVE-2020-18771
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-08-23
CVE-2019-14370
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-07-28
CVE-2019-14368
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-07-28
CVE-2019-14369
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved