VYPR

PyPI package

exiv2

pkg:pypi/exiv2

Vulnerabilities (5)

  • CVE-2025-55304 (Aug 29, 2025)
    affected <= 0.17.3

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to

  • CVE-2025-54080 (Aug 29, 2025)
    affected <= 0.17.3

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafte

  • CVE-2025-26623 (Feb 18, 2025)
    affected >= 0.28.0, < 0.28.5; fixed 0.28.5

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-

  • CVE-2024-24826 (Feb 12, 2024)
    affected >= 0.16.0, < 0.16.1; fixed 0.16.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions

  • CVE-2024-25112 (Feb 12, 2024)
    affected >= 0.16.0, < 0.16.1; fixed 0.16.1

    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `Qu