PT-2025-35224 · Exiv2+5

Gluck-Pwn

Published 2025-01-01 · Updated 2026-03-23 · CVE-2025-55304

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Exiv2 versions prior to 0.28.6

Description: Exiv2 is a C++ library and command-line utility used to read, write, delete, and modify image metadata (Exif, IPTC, XMP, and ICC). A denial-of-service issue was identified in the ICC profile parsing code within the JpegBase::readMetadata() function. The issue stems from a quadratic-time algorithm that causes prolonged execution when a crafted JPG image file is processed. The denial of service is triggered when Exiv2 attempts to read the metadata of such a specially crafted JPG image.

Recommendations: Update to Exiv2 version 0.28.6 or later.

Tags: Exploit · Fix · DoS

Related Identifiers

ALT-PU-2025-11094
AZL-66708
AZL-66767
BDU:2025-13813
CVE-2025-55304
GHSA-M54Q-MM9W-FP6G
OESA-2025-2116
OESA-2025-2117
OESA-2025-2274
OPENSUSE-SU-2026:10298-1
OPENSUSE-SU-2026:20410-1
SUSE-SU-2026:0231-1
SUSE-SU-2026:20923-1
USN-8103-1
USN-8103-2

Affected Products

Alt Linux
Debian
Exiv2
Linuxmint
Red Os
Ubuntu