Bep Imagemeta vulnerabilities
2 known vulnerabilities affecting bep/imagemeta.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-32024P4MEDIUMCVSS 6.9fixed in 0.10.02025-04-08
CVE-2025-32024 [MEDIUM] CWE-770 CVE-2025-32024: bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, a
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.10.0 added Li
nvd
CVE-2025-32025P4MEDIUMCVSS 6.9fixed in v0.11.02025-04-08
CVE-2025-32025 [MEDIUM] CWE-770 CVE-2025-32025: bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, a
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't
nvd