Fluid Attacks Database

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	exiv2	=0.27.3-3 \|\| =0.27.3-3+deb11u1 \|\| =0.27.3-3+deb11u2 \|\| =0.27.3-3.1 \|\| =0.27.5-1 \|\| =0.27.5-2 \|\| =0.27.5-3 \|\| =0.27.5-4 \|\| =0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
debian 12	exiv2	=0.27.6-1 \|\| =0.28.0+dfsg-1 \|\| =0.28.0+dfsg-2 \|\| =0.28.0+dfsg-3 \|\| =0.28.0+dfsg-4 \|\| =0.28.1+dfsg-1 \|\| =0.28.1+dfsg-2 \|\| =0.28.1+dfsg-3 \|\| =0.28.2+dfsg-1 \|\| =0.28.3+dfsg-1 \|\| =0.28.3+dfsg-2 \|\| =0.28.4+dfsg-1 \|\| =0.28.4+dfsg-2 \|\| =0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
debian 14	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| >=0 <0.28.8+dfsg-1	0.28.8+dfsg-1
debian 13	exiv2	=0.28.5+dfsg-1 \|\| =0.28.7+dfsg-1 \|\| =0.28.7+dfsg-2 \|\| =0.28.8+dfsg-1	-
rpm rhel7	exiv2	-	-
rpm rhel7	compat-exiv2-026	-	-
rpm rhel8	compat-exiv2-026	-	-
rpm rhel7	compat-exiv2-023	-	-
rpm rhel10	exiv2	-	-
rpm rhel6	exiv2	-	-

1-10 of 12

Aliases

1. CVE-2026-275962. NVD-2026-275963. OSV-DEBIAN-2026-275964. OSV-2026-275965. SECURITY-TRACKER-CVE-2026-27596

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.