CVE-2026-25884

Опубликовано: 02 мар. 2026

Источник: redhat

CVSS3: 5.3

Описание

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.

A flaw was found in Exiv2, a C++ library and command-line utility for image metadata. A remote attacker could exploit this out-of-bounds read vulnerability in the CRW image parser by providing a specially crafted CRW image file. This could lead to a denial of service, making the application unavailable.

Отчет

This LOW impact vulnerability in Exiv2, an image metadata library, involves an out-of-bounds read within its CRW image parser. Exploitation requires processing a specially crafted CRW image file.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	exiv2	Fix deferred
Red Hat Enterprise Linux 6	exiv2	Fix deferred
Red Hat Enterprise Linux 7	compat-exiv2-023	Fix deferred
Red Hat Enterprise Linux 7	compat-exiv2-026	Fix deferred
Red Hat Enterprise Linux 7	exiv2	Fix deferred
Red Hat Enterprise Linux 8	compat-exiv2-026	Fix deferred
Red Hat Enterprise Linux 8	exiv2	Fix deferred
Red Hat Enterprise Linux 9	exiv2	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=2443992Exiv2: Exiv2: Denial of service via out-of-bounds read in CRW image parser

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2026-25884

CVSS3: 8.1

ubuntu

26 дней назад

CVE-2026-25884

CVSS3: 8.1

nvd

26 дней назад

CVE-2026-25884

CVSS3: 8.1

debian

26 дней назад

Exiv2 is a C++ library and a command-line utility to read, write, dele ...

5.3 Medium

CVSS3