PT-2026-22692 · Exiv2
Kevinbackhouse
Published: 2026-01-01
Updated: 2026-03-23
CVE-2026-25884
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Exiv2 versions prior to 0.28.8
Description
Exiv2 is a C++ library and a command-line utility used for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC image metadata. A flaw exists in the CRW image parser that can lead to an out-of-bounds read. The issue is present in the CrwMap::decode0x0805 function.
Recommendations
Versions prior to 0.28.8 should be updated to version 0.28.8 or later.
Exploit
Fix
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Exiv2
Linuxmint
Ubuntu