CVE-2026-27631 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught…
Low CVSS: 2.7

CVE-2026-27631

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
Vendor
Exiv2
Product
Exiv2
CWE
CWE-248
Yayın Tarihi
2026-03-02 20:16:27
Güncelleme
2026-03-05 12:31:24
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-248 Exiv2 LOW Exiv2 2026

Referanslar

https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df https://github.com/Exiv2/exiv2/issues/3513 https://github.com/Exiv2/exiv2/pull/3514 https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j