PT-2026-22695 · Exiv2+2 · Exiv2+2

Zerojackyi

Publicado

2026-01-01

Atualizado

2026-03-23

CVE-2026-27596

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Exiv2 versions prior to 0.28.8

Description Exiv2 is a C++ library and a command-line utility used to read, write, delete, and modify image metadata formats like Exif, IPTC, XMP, and ICC. A flaw exists in the preview component that can lead to an out-of-bounds read when Exiv2 is executed with an additional command-line argument, such as -pp. This out-of-bounds read occurs at a 4GB offset, typically resulting in a crash of the Exiv2 application. The LoaderNative::getData() function is implicated in this issue.

Recommendations Versions prior to 0.28.8 should be updated to version 0.28.8 or later.

Exploit

Correção

Out of bounds Read

Integer Underflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-191

Identificadores relacionados

AZL-78521

AZL-78624

CVE-2026-27596

GHSA-3WGV-FG4W-75X7

OESA-2026-1564

OPENSUSE-SU-2026:20410-1

SUSE-SU-2026:20923-1

USN-8103-1

Produtos afetados

Exiv2

Linuxmint

Ubuntu

PT-2026-22695 · Exiv2+2 · Exiv2+2

CVE-2026-27596

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54