PT-2026-41832 · Npm · Exifreader

Yuki Matsuhashi · Published 2026-05-19 · Updated 2026-05-29 · CVE-2026-8814

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

exifreader versions prior to 4.39.0

Description

Improper handling of highly compressed data leads to data amplification when decompressing PNG zTXt metadata without enforcing a maximum decompressed output size. If asynchronous parsing is enabled, a specially crafted PNG file with a highly compressed zTXt chunk can cause the software to materialize an excessively large Comment value in memory.

Recommendations

Update to version 4.39.0 or later.
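
The missing control named in the description, a maximum decompressed output size, can be enforced in Node.js as shown below. This is an added example, not ExifReader's code or its fix; `readZtxt`, `buildZtxt` and the 64 KiB limit are assumptions, and both sample chunks are constructed.

```javascript
// Added example: size-capped zTXt decompression. Not ExifReader's code.
const zlib = require('node:zlib');

const MAX_TEXT_BYTES = 64 * 1024; // assumed limit; pick one that fits the application

// zTXt chunk data (PNG spec): keyword (1-79 bytes), NUL separator,
// compression method byte (0 = zlib), then the compressed text.
function readZtxt(chunkData, maxBytes = MAX_TEXT_BYTES) {
  const nul = chunkData.indexOf(0);
  if (nul < 1 || nul > 79) throw new Error('invalid zTXt keyword');
  if (chunkData.length < nul + 2) throw new Error('truncated zTXt chunk');
  if (chunkData[nul + 1] !== 0) throw new Error('unknown compression method');
  const keyword = chunkData.subarray(0, nul).toString('latin1');
  const compressed = chunkData.subarray(nul + 2);
  try {
    // maxOutputLength makes zlib stop and throw once output exceeds the cap,
    // so the full inflated value is never materialized.
    const text = zlib.inflateSync(compressed, { maxOutputLength: maxBytes });
    return { keyword, text: text.toString('latin1'), compressedBytes: compressed.length };
  } catch (err) {
    if (err.code === 'ERR_BUFFER_TOO_LARGE') {
      throw new RangeError(`zTXt "${keyword}" exceeds ${maxBytes} decompressed bytes`);
    }
    throw err;
  }
}

// Hypothetical helper that builds constructed zTXt chunk data for the demo.
function buildZtxt(keyword, textBytes) {
  return Buffer.concat([
    Buffer.from(keyword, 'latin1'),
    Buffer.from([0, 0]), // NUL separator + compression method 0
    zlib.deflateSync(textBytes),
  ]);
}

// Constructed inputs: a normal comment and one that inflates to 8 MiB.
const normal = buildZtxt('Comment', Buffer.from('constructed sample comment'));
const oversized = buildZtxt('Comment', Buffer.alloc(8 * 1024 * 1024, 0x41));

console.log(readZtxt(normal));
try {
  readZtxt(oversized);
} catch (err) {
  console.log(`rejected: ${err.message} (compressed size ${oversized.length} bytes)`);
}
```

The same cap belongs on any other compressed text chunk an application decodes from untrusted images, and it complements the upgrade to 4.39.0 rather than replacing it.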


Related Identifiers

CVE-2026-8814
GHSA-RR89-W3H9-M66J

Affected Products

Exifreader