PT-2026-22695 · Exiv2+2

Zerojackyi · Published 2026-01-01 · Updated 2026-03-23 · CVE-2026-27596

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Exiv2 versions prior to 0.28.8

Description

Exiv2 is a C++ library and a command-line utility used to read, write, delete, and modify image metadata formats like Exif, IPTC, XMP, and ICC. A flaw exists in the preview component that can lead to an out-of-bounds read when Exiv2 is executed with an additional command-line argument, such as -pp. This out-of-bounds read occurs at a 4GB offset, typically resulting in a crash of the Exiv2 application. The LoaderNative::getData() function is implicated in this issue.

Recommendations

Versions prior to 0.28.8 should be updated to version 0.28.8 or later.

Exploit

Fix

Weakness Enumeration

Out of bounds Read
Integer Underflow

Related Identifiers

AZL-78521
AZL-78624
CVE-2026-27596
GHSA-3WGV-FG4W-75X7
OESA-2026-1564
OPENSUSE-SU-2026:20410-1
SUSE-SU-2026:20923-1
USN-8103-1

Affected Products

Exiv2
Linuxmint
Ubuntu