VYPR
Medium severityOSV Advisory· Published Apr 8, 2025· Updated Apr 15, 2026

CVE-2025-32025

CVE-2025-32025

Description

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.11.0 added a 10 MB upper limit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/bep/imagemetaGo
< 0.11.00.11.0

Affected products

25

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.