CVE-2026-25884

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Exiv2 versions prior to 0.28.8

Description Exiv2 is a C++ library and a command-line utility used for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC image metadata. A flaw exists in the CRW image parser that can lead to an out-of-bounds read. The issue is present in the CrwMap::decode0x0805 function.

Recommendations Versions prior to 0.28.8 should be updated to version 0.28.8 or later.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-78524

AZL-78621

CVE-2026-25884

GHSA-9MXQ-4J5G-5WRP

OESA-2026-1564

OPENSUSE-SU-2026:10298-1

OPENSUSE-SU-2026:20410-1

SUSE-SU-2026:20923-1

USN-8103-1

Affected Products

Exiv2

Linuxmint

Ubuntu

CVE-2026-25884

Weakness Enumeration

Related Identifiers

Affected Products

References · 54