CVE-2026-25884
- Source
- https://cve.org/CVERecord?id=CVE-2026-25884
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25884.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25884
- Aliases
-
- GHSA-9mxq-4j5g-5wrp
- Downstream
- Published
- 2026-03-02T19:41:21.157Z
- Modified
- 2026-03-03T02:55:50.666421Z
- Severity
-
- 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Exiv2: Out-of-bounds read in CrwMap::decode0x0805
- Details
-
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
- Database specific
{ "cwe_ids": [ "CWE-125" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25884.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25884.json
- https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d
- https://github.com/Exiv2/exiv2/pull/3462
- https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp
- https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Affected packages
Git / github.com/exiv2/exiv2
Affected versions
0.*
0.27
0.27-RC2
0.27-RC3
0.27.1
Other
testIPO
testIPO_2
testIPO_3
testIPO_exiv2-xmp-OBJECT
testNoConanCache
v0.*
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16-pre1
v0.17
v0.17.1
v0.18
v0.18-pre1
v0.18-pre2
v0.18.1
v0.18.2
v0.19
v0.20
v0.21
v0.21.1
v0.22
v0.23
v0.23.1
v0.24
v0.25
v0.26
v0.27-RC1
v0.27.0
v0.27.1
v0.27.1-RC1
v0.27.2
v0.27.2-RC1
v0.27.2-RC2
v0.27.2-RC3
v0.27.3
v0.27.3-RC1
v0.27.3-RC2
v0.27.4-RC1
v0.27.4-RC2
v0.28.0
v0.28.1
v0.28.2
v0.28.3
v0.28.4
v0.28.5
v0.28.6
v0.28.7
v0.3
v0.4
v0.5
v0.6
v0.6.1
v0.6.2
v0.7
v0.8
v0.9
v0.9.1