Exiv2 Exiv2

124 CVEs affecting Exiv2 Exiv2. Latest disclosed: 2026-03-02. Critical: 2, High: 23.

Top CVEs affecting Exiv2 Exiv2
CVESeverityScorePublishedSummary
CVE-2025-26623Critical9.82025-02-18Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in…
CVE-2018-11531Critical9.82018-05-29Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
CVE-2023-44398High8.82023-11-06Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in…
CVE-2019-9144High8.82019-02-25An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted f…
CVE-2019-9143High8.82019-02-25An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafte…
CVE-2018-14046High8.82018-07-13Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
CVE-2018-12265High8.82018-06-13Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
CVE-2018-12264High8.82018-06-13Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
CVE-2017-12955High8.82017-08-18There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which…
CVE-2026-25884High8.12026-03-02Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-…
CVE-2020-18771High8.12021-08-23Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.
CVE-2018-14338High8.12018-07-17samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, pos…
CVE-2018-9305High8.12018-04-04In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
CVE-2018-9144High8.12018-03-30In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.
CVE-2017-17723High8.12018-02-12In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to…
CVE-2020-18831High7.82023-08-22Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecif…
CVE-2021-29457High7.82021-04-19Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in…
CVE-2019-14368High7.82019-07-28Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.
CVE-2026-27596High7.52026-03-02Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-…
CVE-2021-31292High7.52021-07-26An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via cr…