Unrated severity · NVD Advisory · Published Mar 2, 2026 · Updated Mar 2, 2026
Exiv2: Out-of-bounds read in CrwMap::decode0x0805
CVE-2026-25884
Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Affected products: 1
Patches: 0
No patches discovered yet.
References (3)
- github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d (mitre, x_refsource_MISC)
- github.com/Exiv2/exiv2/pull/3462 (mitre, x_refsource_MISC)
- github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp (mitre, x_refsource_CONFIRM)