Exiv2 — Vulnerabilities & Security Advisories (29)

Browse all 29 CVE security advisories affecting Exiv2. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Exiv2 is an open-source library designed for reading and writing image metadata, primarily supporting JPEG, TIFF, and PNG formats. It serves as a critical component for applications requiring precise manipulation of EXIF, IPTC, and XMP data without altering the underlying image content. Historically, the software has been vulnerable to memory corruption issues, including buffer overflows and out-of-bounds reads, stemming from insufficient validation of malformed input files. These flaws have occasionally led to remote code execution or denial-of-service conditions, though cross-site scripting and privilege escalation are not typical threat vectors for this backend utility. With twenty-nine recorded CVEs, the project has faced scrutiny regarding its handling of complex metadata structures. Recent updates have focused on hardening parsing routines to mitigate these risks, ensuring that developers integrating the library can process untrusted image data with reduced exposure to exploitation.

Top products by Exiv2: exiv2
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25884 | Exiv2: Out-of-bounds read in CrwMap::decode0x0805 | exiv2 | CWE-125 | 8.2 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-27596 | Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow | exiv2 | CWE-125 | 6.2 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-27631 | Exiv2: Uncaught exception - cannot create std::vector larger than max_size() | exiv2 | CWE-248 | 5.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-55304 | Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata | exiv2 | CWE-407 | 5.5 | - | 2025-08-29 |
| CVE-2025-54080 | Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file | exiv2 | CWE-125 | 5.5 | - | 2025-08-29 |
| CVE-2025-26623 | Use After Free in Exiv2 | exiv2 | CWE-416 | 8.4 | - | 2025-02-18 |
| CVE-2024-39695 | Exiv2 has an out-of-bounds read in AsfVideo::streamProperties | exiv2 | CWE-125 | 5.3 | Medium | 2024-07-08 |
| CVE-2024-24826 | Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2 | exiv2 | CWE-125 | 5.5 | Medium | 2024-02-12 |
| CVE-2024-25112 | Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2 | exiv2 | CWE-400 | 5.5 | Medium | 2024-02-12 |
| CVE-2023-44398 | Out-of-bounds write in exiv2 | exiv2 | CWE-787 | 8.8 | High | 2023-11-06 |
| CVE-2021-37619 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header | exiv2 | CWE-125 | 4.7 | Medium | 2021-08-09 |
| CVE-2021-37623 | Denial of service due to infinite loop in JpegBase::printStructure (#2) | exiv2 | CWE-835 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-37622 | Denial of service due to infinite loop in JpegBase::printStructure (#1) | exiv2 | CWE-835 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-37621 | Denial of service due to infinite loop in Image::printIFDStructure | exiv2 | CWE-835 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-37620 | Out-of-bounds read in XmpTextValue::read() | exiv2 | CWE-125 | 4.7 | Medium | 2021-08-09 |
| CVE-2021-37618 | Out-of-bounds read in Exiv2::Jp2Image::printStructure | exiv2 | CWE-125 | 4.7 | Medium | 2021-08-09 |
| CVE-2021-37616 | Null pointer dereference in Exiv2::Internal::resolveLens0x8ff | exiv2 | CWE-476 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-37615 | Null pointer dereference in Exiv2::Internal::resolveLens0x319 | exiv2 | CWE-476 | 4.7 | Medium | 2021-08-09 |
| CVE-2021-34335 | Denial of service due to FPE in Exiv2::Internal::resolveLens0xffff | exiv2 | CWE-369 | 4.7 | Medium | 2021-08-09 |
| CVE-2021-34334 | Denial of service due to integer overflow in loop counter | exiv2 | CWE-835 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-32815 | Denial of service due to assertion failure in crwimage_int.cpp | exiv2 | CWE-617 | 5.5 | Medium | 2021-08-09 |
| CVE-2021-32617 | Denial of service in Exiv2 | exiv2 | CWE-400 | 4.7 | Medium | 2021-05-17 |
| CVE-2021-29623 | Uninitialized variable bug in Exiv2 | exiv2 | CWE-908 | 3.6 | Low | 2021-05-13 |
| CVE-2021-29464 | Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header | exiv2 | CWE-122 | 3.3 | Low | 2021-04-30 |
| CVE-2021-29463 | Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata | exiv2 | CWE-125 | 3.3 | Low | 2021-04-30 |
| CVE-2021-29473 | Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata | exiv2 | CWE-125 | 2.5 | Low | 2021-04-26 |
| CVE-2021-29470 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header | exiv2 | CWE-125 | 4.7 | Medium | 2021-04-23 |
| CVE-2021-29457 | Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata | exiv2 | CWE-122 | 7.8 | - | 2021-04-19 |
| CVE-2021-29458 | Out-of-bounds read in Exiv2::Internal::CrwMap::encode | exiv2 | CWE-125 | 5.5 | - | 2021-04-19 |

This page lists every published CVE security advisory associated with Exiv2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.