Exiv2 Exiv2
124 CVEs affecting Exiv2 Exiv2. Latest disclosed: 2026-03-02. Critical: 2, High: 23.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-26623 | Critical | 9.8 | 2025-02-18 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in… |
| CVE-2018-11531 | Critical | 9.8 | 2018-05-29 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. |
| CVE-2023-44398 | High | 8.8 | 2023-11-06 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in… |
| CVE-2019-9144 | High | 8.8 | 2019-02-25 | An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted f… |
| CVE-2019-9143 | High | 8.8 | 2019-02-25 | An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafte… |
| CVE-2018-14046 | High | 8.8 | 2018-07-13 | Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. |
| CVE-2018-12265 | High | 8.8 | 2018-06-13 | Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. |
| CVE-2018-12264 | High | 8.8 | 2018-06-13 | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. |
| CVE-2017-12955 | High | 8.8 | 2017-08-18 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which… |
| CVE-2026-25884 | High | 8.1 | 2026-03-02 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-… |
| CVE-2020-18771 | High | 8.1 | 2021-08-23 | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. |
| CVE-2018-14338 | High | 8.1 | 2018-07-17 | samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, pos… |
| CVE-2018-9305 | High | 8.1 | 2018-04-04 | In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. |
| CVE-2018-9144 | High | 8.1 | 2018-03-30 | In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. |
| CVE-2017-17723 | High | 8.1 | 2018-02-12 | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to… |
| CVE-2020-18831 | High | 7.8 | 2023-08-22 | Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecif… |
| CVE-2021-29457 | High | 7.8 | 2021-04-19 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in… |
| CVE-2019-14368 | High | 7.8 | 2019-07-28 | Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. |
| CVE-2026-27596 | High | 7.5 | 2026-03-02 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-… |
| CVE-2021-31292 | High | 7.5 | 2021-07-26 | An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via cr… |