High severity 7.5 · NVD Advisory · Published May 19, 2026 · Updated May 19, 2026
CVE-2026-8813
Description
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
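The bounds validation the description says was missing, as an added example (not ExifReader's code and not the upstream patch): a stand-alone parser for the ICC `mluc` layout that rejects any record size other than the specification's 12 bytes and any record count the tag's length cannot back. `parseMluc` and `buildSampleMluc` are hypothetical names, and the sample tag is constructed.

```javascript
// Added example; parseMluc and buildSampleMluc are hypothetical names, not ExifReader APIs.
const MLUC_HEADER_SIZE = 16; // signature, reserved, record count, record size
const MLUC_RECORD_SIZE = 12; // fixed by the ICC specification
function parseMluc(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if (view.byteLength < MLUC_HEADER_SIZE || view.getUint32(0) !== 0x6d6c7563) {
    throw new RangeError('not an mluc tag');
  }
  const count = view.getUint32(8);
  const recordSize = view.getUint32(12);
  // A zero record size would make every loop iteration land on the same record.
  if (recordSize !== MLUC_RECORD_SIZE) {
    throw new RangeError(`unexpected mluc record size ${recordSize}`);
  }
  // The declared count must be backed by bytes actually present in the tag.
  const maxRecords = Math.floor((view.byteLength - MLUC_HEADER_SIZE) / recordSize);
  if (count > maxRecords) {
    throw new RangeError(`mluc record count ${count} exceeds ${maxRecords}`);
  }
  const code = (at) => String.fromCharCode(view.getUint8(at), view.getUint8(at + 1));
  const records = [];
  for (let i = 0; i < count; i++) {
    const base = MLUC_HEADER_SIZE + i * recordSize;
    const length = view.getUint32(base + 4); // string length in bytes
    const offset = view.getUint32(base + 8); // string offset from tag start
    if (length % 2 !== 0 || offset + length > view.byteLength) {
      throw new RangeError(`mluc record ${i} string out of bounds`);
    }
    let text = '';
    for (let j = 0; j < length; j += 2) text += String.fromCharCode(view.getUint16(offset + j));
    records.push({ language: code(base), country: code(base + 2), text });
  }
  return records;
}

// Constructed sample: a well-formed mluc tag holding one en/US record.
function buildSampleMluc(text) {
  const bytes = new Uint8Array(MLUC_HEADER_SIZE + MLUC_RECORD_SIZE + text.length * 2);
  const view = new DataView(bytes.buffer);
  view.setUint32(0, 0x6d6c7563); // 'mluc'
  view.setUint32(8, 1); // record count
  view.setUint32(12, MLUC_RECORD_SIZE);
  bytes.set([0x65, 0x6e, 0x55, 0x53], 16); // 'en', 'US'
  view.setUint32(20, text.length * 2);
  view.setUint32(24, 28); // string starts right after the record
  for (let i = 0; i < text.length; i++) view.setUint16(28 + i * 2, text.charCodeAt(i));
  return bytes;
}
```

Both checks run before the loop, so the work done and the size of `records` are bounded by the tag's byte length rather than by the declared count.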
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| exifreader (npm) | >= 2.10.0, < 4.39.0 | 4.39.0 |
References
- github.com/advisories/GHSA-h64w-w9pr-82m4 [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2026-8813 [ghsa, ADVISORY]
- gist.github.com/yuki-matsuhashi/3243ea38e5fbf8cfe19b624f04c9f4b4 [nvd, WEB]
- github.com/mattiasw/ExifReader/commit/c9d88b67e127b2dcc7b46e328df468257fb2dc30 [nvd, WEB]
- github.com/mattiasw/ExifReader/security/advisories/GHSA-h64w-w9pr-82m4 [ghsa, WEB]
- security.snyk.io/vuln/SNYK-JS-EXIFREADER-16689335 [nvd, WEB]