Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Exiv2: Crash when reading crafted video files
OESA-2026-1564
Summary
Exiv2, a tool for managing image metadata, can crash if given a specially made video file. This is a security issue that can affect systems that use Exiv2. Update to version 0.28.8 or later to fix the problem.
What to do
- Update exiv2 to version 0.28.2-8.oe2403sp2.
- Update exiv2 to version 0.28.2-8.oe2403sp3.
- Update exiv2 to version 0.27.5-7.oe2003sp4.
- Update exiv2 to version 0.27.5-7.oe2203sp4.
- Update exiv2 to version 0.28.2-8.oe2403sp1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | exiv2 | <= 0.28.2-8.oe2403sp2 | 0.28.2-8.oe2403sp2 |
| – | exiv2 | <= 0.28.2-8.oe2403sp3 | 0.28.2-8.oe2403sp3 |
| – | exiv2 | <= 0.27.5-7.oe2003sp4 | 0.27.5-7.oe2003sp4 |
| – | exiv2 | <= 0.27.5-7.oe2203sp4 | 0.27.5-7.oe2203sp4 |
| – | exiv2 | <= 0.28.2-8.oe2403sp1 | 0.28.2-8.oe2403sp1 |
| – | exiv2 | <= 0.28.2-8.oe2403sp1 | 0.28.2-8.oe2403sp1 |
Original title
exiv2 security update
Original description
Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.
Security Fix(es):
An out-of-bounds read was found in Exiv2 version v0.28.7. The vulnerability is in the CRW image parser. The bug is reproducible with our fuzz target, but we have not been able to reproduce it with the exiv2 command line application. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file.(CVE-2026-25884)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.(CVE-2026-27596)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.(CVE-2026-27631)
Security Fix(es):
An out-of-bounds read was found in Exiv2 version v0.28.7. The vulnerability is in the CRW image parser. The bug is reproducible with our fuzz target, but we have not been able to reproduce it with the exiv2 command line application. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file.(CVE-2026-25884)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.(CVE-2026-27596)
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.(CVE-2026-27631)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25884 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27596 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27631 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026