CVE-2026-8813

Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0

Description A crafted image containing an ICC mluc tag can specify an attacker-controlled record count combined with a zero record size. During the parsing process, the software repeatedly processes the same record and appends entries to an array without sufficient bounds validation, leading to excessive memory growth. This can result in a denial of service through memory exhaustion in applications that parse images supplied by attackers.

Recommendations Update to version 4.39.0 or later.