CVE-2026-27596Out-of-bounds Read in Exiv2

CWE-125Out-of-bounds ReadCWE-191Integer Underflow (Wrap or Wraparound)11 documents8 sources
Severity
2.7LOWNVD
OSV8.1
EPSS
0.1%
top 81.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Exiv2Debian Exiv2
Timeline
PublishedMar 2
Latest updateMar 31

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages5 packages

CVEListV5exiv2/exiv2< 0.28.8
NVDexiv2/exiv2< 0.28.8
debiandebian/exiv2< exiv2 0.28.8+dfsg-1 (forky)
Debianexiv2/exiv2< 0.28.8+dfsg-1
Ubuntuexiv2/exiv2< 0.27.5-3ubuntu1.1+9

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
exiv2 regression2026-03-19
OSV
exiv2 vulnerabilities2026-03-18
CVEList
Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow2026-03-02
OSV
CVE-2026-27596: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata2026-03-02

📋Vendor Advisories

4
Ubuntu
Exiv2 regression2026-03-19
Ubuntu
Exiv2 vulnerabilities2026-03-18
Red Hat
exiv2: Exiv2: Denial of Service via out-of-bounds read in preview component2026-03-02
Debian
CVE-2026-27596: exiv2 - Exiv2 is a C++ library and a command-line utility to read, write, delete and mod...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-27596 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-27596 mingw-exiv2: Exiv2: Denial of Service via out-of-bounds read in preview component [fedora-all]2026-03-31