Moderate severityNVD Advisory· Published Feb 18, 2025· Updated Feb 19, 2025

Use After Free in Exiv2

CVE-2025-26623

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as fixiso. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Exiv2PyPI	>= 0.28.0, < 0.28.5	0.28.5

Affected products

Exiv2/Exiv2v5
Range: >= 0.28.0, < 0.28.5

Patches

4cc875e392f9

Merge pull request #46 from jim-easterbrook/devel

https://github.com/jim-easterbrook/python-exiv2Jim EasterbrookFeb 10, 2025via ghsa

commit

40 files changed · +22 −16

CHANGELOG.txt+4 −0 modified

@@ -16,6 +16,10 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see
 <http://www.gnu.org/licenses/>.
 
+Changes in v0.17.2:
+  1/ Binary wheels incorporate libexiv2 v0.28.4.
+  2/ Fix TimeValue test when run with local negative UTC offset.
+
 Changes in v0.17.1:
   1/ Fix crash when using localised exceptions on Windows.

.github/workflows/build-linux-28.yml+2 −2 modified

@@ -11,13 +11,13 @@ jobs:
       - name: Fetch Exiv2 source
         run: >
           wget -nv
-          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.3.tar.gz
+          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.4.tar.gz
           -O exiv2.tar.gz
 
       - name: Extract Exiv2 source
         run: |
           tar -xzf exiv2.tar.gz
-          mv exiv2-0.28.3 libexiv2
+          mv exiv2-0.28.4 libexiv2
 
       - name: Download inih
         run: >

.github/workflows/build-macos-28.yml+4 −3 modified

@@ -11,22 +11,23 @@ jobs:
       - name: Fetch Exiv2 source
         run: >
           wget -nv
-          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.3.tar.gz
+          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.4.tar.gz
           -O exiv2.tar.gz
 
       - name: Extract Exiv2 source
         shell: bash
         run: |
           tar -xzf exiv2.tar.gz
-          mv exiv2-0.28.3 libexiv2
+          mv exiv2-0.28.4 libexiv2
 
       - name: Build wheels
         uses: pypa/cibuildwheel@v2.22.0
         env:
           CIBW_ARCHS: x86_64
           CIBW_ENVIRONMENT: >
             EXIV2_ROOT=libexiv2/build-base_mac/install
-            MACOSX_DEPLOYMENT_TARGET="10.15"
+            MACOSX_DEPLOYMENT_TARGET="13.0"
+            SYSTEM_VERSION_COMPAT=0
           CIBW_SKIP: pp3*
           CIBW_TEST_COMMAND: >
             python -m exiv2 -v &&

.github/workflows/build-macos-arm-28.yml+4 −3 modified

@@ -11,22 +11,23 @@ jobs:
       - name: Fetch Exiv2 source
         run: >
           wget -nv
-          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.3.tar.gz
+          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.4.tar.gz
           -O exiv2.tar.gz
 
       - name: Extract Exiv2 source
         shell: bash
         run: |
           tar -xzf exiv2.tar.gz
-          mv exiv2-0.28.3 libexiv2
+          mv exiv2-0.28.4 libexiv2
 
       - name: Build wheels
         uses: pypa/cibuildwheel@v2.22.0
         env:
           CIBW_ARCHS: arm64
           CIBW_ENVIRONMENT: >
             EXIV2_ROOT=libexiv2/build-base_mac/install
-            MACOSX_DEPLOYMENT_TARGET="10.15"
+            MACOSX_DEPLOYMENT_TARGET="14.0"
+            SYSTEM_VERSION_COMPAT=0
           CIBW_SKIP: pp3*
           CIBW_TEST_COMMAND: >
             python -m exiv2 -v &&

.github/workflows/build-windows-28.yml+2 −2 modified

@@ -24,14 +24,14 @@ jobs:
       - name: Fetch Exiv2 source
         run: >
           c:\msys64\usr\bin\wget.exe -nv
-          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.3.tar.gz
+          https://github.com/Exiv2/exiv2/archive/refs/tags/v0.28.4.tar.gz
           -O exiv2.tar.gz
 
       - name: Extract Exiv2 source
         shell: bash
         run: |
           tar -xzf exiv2.tar.gz
-          mv exiv2-0.28.3 libexiv2
+          mv exiv2-0.28.4 libexiv2
           # tweaks to allow NLS
           echo -e "24a25\n>         self.requires('libgettext/0.21')" |
           c:/msys64/usr/bin/patch.exe libexiv2/conanfile.py

README.rst+1 −1 modified

@@ -1,4 +1,4 @@
-python-exiv2 v\ 0.17.1
+python-exiv2 v\ 0.17.2
 ======================
 
 python-exiv2 is a low level interface (or binding) to the exiv2_ C++ library.

src/doc/requirements.txt+1 −1 modified

@@ -1,3 +1,3 @@
-exiv2 <= 0.17.1
+exiv2 <= 0.17.2
 sphinx == 7.2.6
 sphinx-rtd-theme == 2.0.0

src/swig-0_27_7/__init__.py+2 −2 modified

@@ -20,9 +20,9 @@ def __init__(self, code, message):
         self.message = message
 
 #: python-exiv2 version as a string
-__version__ = "0.17.1"
+__version__ = "0.17.2"
 #: python-exiv2 version as a tuple of ints
-__version_tuple__ = tuple((0, 17, 1))
+__version_tuple__ = tuple((0, 17, 2))
 
 __all__ = ["Exiv2Error"]
 from exiv2.basicio import *

src/swig-0_28_4/basicio.py+0 −0 renamed
src/swig-0_28_4/basicio_wrap.cxx+0 −0 renamed
src/swig-0_28_4/datasets.py+0 −0 renamed
src/swig-0_28_4/datasets_wrap.cxx+0 −0 renamed
src/swig-0_28_4/easyaccess.py+0 −0 renamed
src/swig-0_28_4/easyaccess_wrap.cxx+0 −0 renamed
src/swig-0_28_4/error.py+0 −0 renamed
src/swig-0_28_4/error_wrap.cxx+0 −0 renamed
src/swig-0_28_4/exif.py+0 −0 renamed
src/swig-0_28_4/exif_wrap.cxx+0 −0 renamed
src/swig-0_28_4/image.py+0 −0 renamed
src/swig-0_28_4/image_wrap.cxx+0 −0 renamed

src/swig-0_28_4/__init__.py+2 −2 renamed

@@ -20,9 +20,9 @@ def __init__(self, code, message):
         self.message = message
 
 #: python-exiv2 version as a string
-__version__ = "0.17.1"
+__version__ = "0.17.2"
 #: python-exiv2 version as a tuple of ints
-__version_tuple__ = tuple((0, 17, 1))
+__version_tuple__ = tuple((0, 17, 2))
 
 __all__ = ["Exiv2Error"]
 from exiv2.basicio import *

src/swig-0_28_4/iptc.py+0 −0 renamed
src/swig-0_28_4/iptc_wrap.cxx+0 −0 renamed
src/swig-0_28_4/__main__.py+0 −0 renamed
src/swig-0_28_4/metadatum.py+0 −0 renamed
src/swig-0_28_4/metadatum_wrap.cxx+0 −0 renamed
src/swig-0_28_4/preview.py+0 −0 renamed
src/swig-0_28_4/preview_wrap.cxx+0 −0 renamed
src/swig-0_28_4/properties.py+0 −0 renamed
src/swig-0_28_4/properties_wrap.cxx+0 −0 renamed
src/swig-0_28_4/tags.py+0 −0 renamed
src/swig-0_28_4/tags_wrap.cxx+0 −0 renamed
src/swig-0_28_4/types.py+0 −0 renamed
src/swig-0_28_4/types_wrap.cxx+0 −0 renamed
src/swig-0_28_4/value.py+0 −0 renamed
src/swig-0_28_4/value_wrap.cxx+0 −0 renamed
src/swig-0_28_4/version.py+0 −0 renamed
src/swig-0_28_4/version_wrap.cxx+0 −0 renamed
src/swig-0_28_4/xmp.py+0 −0 renamed
src/swig-0_28_4/xmp_wrap.cxx+0 −0 renamed

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-38h4-fx85-qcx7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-26623ghsaADVISORY
github.com/Exiv2/exiv2/issues/3168ghsax_refsource_MISCWEB
github.com/Exiv2/exiv2/pull/3174ghsaWEB
github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7ghsax_refsource_CONFIRMWEB
github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000