CVE-2025-54080Out-of-bounds Read in Exiv2

CWE-125Out-of-bounds Read10 documents6 sources
Severity
1.8LOWNVD
OSV8.1
EPSS
0.0%
top 92.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedAug 29
Latest updateMar 19

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only tr

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

NVDexiv2/exiv2< 0.28.6
debiandebian/exiv2< exiv2 0.28.7+dfsg-2 (forky)
Debianexiv2/exiv2< 0.28.7+dfsg-2
Ubuntuexiv2/exiv2< 0.27.5-3ubuntu1.1+9
PyPIexiv2/exiv20.17.3

Patches

Patch: github.com

🔴Vulnerability Details

5
OSV
exiv2 regression2026-03-19
OSV
exiv2 vulnerabilities2026-03-18
OSV
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file2025-08-29
GHSA
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file2025-08-29
OSV
CVE-2025-54080: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata2025-08-29

📋Vendor Advisories

4
Ubuntu
Exiv2 regression2026-03-19
Ubuntu
Exiv2 vulnerabilities2026-03-18
Red Hat
exiv2: Exiv2 Segmentation Faults2025-08-29
Debian
CVE-2025-54080: exiv2 - Exiv2 is a C++ library and a command-line utility to read, write, delete and mod...2025