PT-2025-35220 · Exiv2+5

Dragonarthurx · Published 2025-01-01 · Updated 2026-03-23 · CVE-2025-54080

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Exiv2 versions 0.28.5 and earlier

Description: Exiv2 is a C++ library and command-line utility used for reading, writing, deleting, and modifying image metadata (Exif, IPTC, XMP, and ICC). An out-of-bounds read vulnerability exists when Exiv2 writes metadata to a crafted image file. This can lead to a denial of service by crashing the application if a victim is tricked into processing a malicious image. The issue is triggered specifically during metadata writing, which is a less common operation than reading metadata.

Recommendations: Exiv2 versions prior to 0.28.6 are affected. Update to version 0.28.6 or later to resolve this issue.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11094
AZL-66711
AZL-66764
BDU:2025-13813
BDU:2025-13814
CVE-2025-54080
GHSA-496F-X7CQ-CQ39
OESA-2025-2113
OESA-2025-2114
OESA-2025-2115
OESA-2025-2116
OESA-2025-2117
OESA-2025-2274
OPENSUSE-SU-2026:10298-1
OPENSUSE-SU-2026:20410-1
SUSE-SU-2026:20923-1
USN-8103-1

Affected Products

Alt Linux
Debian
Exiv2
Linuxmint
Red Os
Ubuntu