VYPR

Exifreader

by Mattiasw

Source repositories

CVEs (2)

  • CVE-2026-8813HigMay 19, 2026
    risk 0.42cvss 7.5epss 0.01

    This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array…

  • CVE-2026-8814MedMay 19, 2026
    risk 0.27cvss 5.3epss 0.00

    Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a…