exiv2

125 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-27631
<= 0.28.8
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior
5.3 MEDIUM
CVE-2026-27596
< 0.28.8
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior
7.5 HIGH
CVE-2026-25884
< 0.28.8
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior
8.1 HIGH
CVE-2025-55304
< 0.28.6
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A deni
5.5 MEDIUM
CVE-2025-54080
< 0.28.6
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out
5.5 MEDIUM
CVE-2025-26623
>= 0.28.0 and < 0.28.5
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap
9.8 CRITICAL
CVE-2024-39695
>= 0.28.0 and < 0.28.3
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
5.3 MEDIUM
CVE-2024-25112
all versions
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denia
5.5 MEDIUM
CVE-2024-24826
all versions
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
5.5 MEDIUM
CVE-2023-44398
all versions
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out
8.8 HIGH
CVE-2020-18831
all versions
Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial
7.8 HIGH
CVE-2020-18774
all versions
A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service
6.5 MEDIUM
CVE-2020-18773
all versions
An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS)
6.5 MEDIUM
CVE-2020-18771
all versions
Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result
8.1 HIGH
CVE-2020-18899
all versions
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a den
6.5 MEDIUM
CVE-2020-18898
all versions
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS
6.5 MEDIUM
CVE-2021-37615
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null
4.7 MEDIUM
CVE-2021-34335
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A float
4.7 MEDIUM
CVE-2021-37622
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infi
5.5 MEDIUM
CVE-2021-37621
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infi
5.5 MEDIUM
CVE-2021-37620
< 0.27.5
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
4.7 MEDIUM
CVE-2021-37619
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
4.7 MEDIUM
CVE-2021-37618
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
4.7 MEDIUM
CVE-2021-37616
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null
5.5 MEDIUM
CVE-2021-37623
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infi
5.5 MEDIUM
CVE-2021-34334
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infi
5.5 MEDIUM
CVE-2021-32815
<= 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The ass
5.5 MEDIUM
CVE-2021-31292
all versions
An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a d
7.5 HIGH
CVE-2020-19716
all versions
A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).
6.5 MEDIUM
CVE-2021-32617
< 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inef
4.7 MEDIUM
CVE-2021-29623
< 0.27.4
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read
3.6 LOW
CVE-2021-29464
< 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap
3.3 LOW
CVE-2021-29463
< 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
3.3 LOW
CVE-2021-29473
< 0.27.4
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out
2.5 LOW
CVE-2021-29470
<= 0.27.3
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
4.7 MEDIUM
CVE-2021-29458
< 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-
5.5 MEDIUM
CVE-2021-29457
< 0.27.4
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap
7.8 HIGH
CVE-2021-3482
<= 0.27.3
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in J
6.5 MEDIUM
CVE-2019-20421
all versions
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU
7.5 HIGH
CVE-2019-17402
all versions
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::
6.5 MEDIUM
CVE-2019-14982
< 0.27.2
In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. I
6.5 MEDIUM
CVE-2019-14370
all versions
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial o
6.5 MEDIUM
CVE-2019-14369
all versions
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffe
6.5 MEDIUM
CVE-2019-14368
all versions
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.
7.8 HIGH
CVE-2019-13504
<= 0.27.2
There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.
6.5 MEDIUM
CVE-2019-13114
<= 0.27.1
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereferenc
6.5 MEDIUM
CVE-2019-13113
<= 0.27.1
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location
6.5 MEDIUM
CVE-2019-13112
<= 0.27.1
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of servi
6.5 MEDIUM
CVE-2019-13111
<= 0.27.1
A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap all
5.5 MEDIUM
CVE-2019-13110
<= 0.27.1
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denia
6.5 MEDIUM
CVE-2019-13109
<= 0.27.1
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file
6.5 MEDIUM
CVE-2019-13108
<= 0.27.1
An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file
6.5 MEDIUM
CVE-2019-9144
all versions
An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This ca
8.8 HIGH
CVE-2019-9143
all versions
An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This
8.8 HIGH
CVE-2018-20099
all versions
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a re
6.5 MEDIUM
CVE-2018-20098
all versions
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will
6.5 MEDIUM
CVE-2018-20097
all versions
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input wi
6.5 MEDIUM
CVE-2018-20096
all versions
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input wil
6.5 MEDIUM
CVE-2018-19607
all versions
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereferenc
6.5 MEDIUM
CVE-2018-19535
<= 0.26
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash
6.5 MEDIUM
CVE-2018-19108
all versions
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite
6.5 MEDIUM
CVE-2018-19107
all versions
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial o
6.5 MEDIUM
CVE-2018-18915
all versions
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lea
6.5 MEDIUM
CVE-2018-17581
all versions
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, lead
6.5 MEDIUM
CVE-2018-17282
all versions
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
6.5 MEDIUM
CVE-2018-17230
all versions
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a
6.5 MEDIUM
CVE-2018-17229
all versions
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a
6.5 MEDIUM
CVE-2018-16336
all versions
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer ov
6.5 MEDIUM
CVE-2018-14338
all versions
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms)
8.1 HIGH
CVE-2018-14046
all versions
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
8.8 HIGH
CVE-2018-12265
all versions
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::r
8.8 HIGH
CVE-2018-12264
all versions
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::se
8.8 HIGH
CVE-2018-11531
all versions
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
9.8 CRITICAL
CVE-2018-11037
all versions
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak v
6.5 MEDIUM
CVE-2018-10999
all versions
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.
6.5 MEDIUM
CVE-2018-10998
all versions
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT)
6.5 MEDIUM
CVE-2018-10958
all versions
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal
6.5 MEDIUM
CVE-2018-10780
all versions
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.
6.5 MEDIUM
CVE-2018-10772
<= 0.26
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application
6.5 MEDIUM
CVE-2018-9305
< 0.26
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to
8.1 HIGH
CVE-2018-9304
< 0.26
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.
6.5 MEDIUM
CVE-2018-9303
< 0.26
In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.
6.5 MEDIUM
CVE-2018-9145
all versions
In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A l
6.5 MEDIUM
CVE-2018-9144
< 0.26
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of servic
8.1 HIGH
CVE-2018-8977
all versions
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of servi
6.5 MEDIUM
CVE-2018-8976
all versions
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-b
6.5 MEDIUM
CVE-2017-17725
all versions
In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp.
6.5 MEDIUM
CVE-2017-17724
all versions
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the
6.5 MEDIUM
CVE-2017-17723
all versions
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can e
8.1 HIGH
CVE-2017-17722
all versions
In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial o
6.5 MEDIUM
CVE-2018-5772
all versions
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in t
5.5 MEDIUM
CVE-2018-4868
all versions
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (exc
5.5 MEDIUM
CVE-2017-18005
all versions
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a
5.5 MEDIUM
CVE-2017-17669
all versions
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A
5.5 MEDIUM
CVE-2017-1000128
all versions
Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
5.5 MEDIUM
CVE-2017-1000127
all versions
Exiv2 0.26 contains a heap buffer overflow in tiff parser
5.5 MEDIUM
CVE-2017-1000126
all versions
exiv2 0.26 contains a Stack out of bounds read in webp parser
5.5 MEDIUM
CVE-2017-14866
all versions
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a den
5.5 MEDIUM
CVE-2017-14865
all versions
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a de
5.5 MEDIUM
CVE-2017-14864
all versions
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a seg
5.5 MEDIUM
CVE-2017-14863
all versions
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes
5.5 MEDIUM
CVE-2017-14862
all versions
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability cause
5.5 MEDIUM
CVE-2017-14861
all versions
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted inp
5.5 MEDIUM
CVE-2017-14860
all versions
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted inpu
5.5 MEDIUM
CVE-2017-14859
all versions
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability
5.5 MEDIUM
CVE-2017-14858
all versions
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a den
5.5 MEDIUM
CVE-2017-14857
all versions
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will l
5.5 MEDIUM
CVE-2017-12957
all versions
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp.
6.5 MEDIUM
CVE-2017-12956
all versions
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to
6.5 MEDIUM
CVE-2017-12955
all versions
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Imag
8.8 HIGH
CVE-2017-11683
all versions
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lea
6.5 MEDIUM
CVE-2017-11592
all versions
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to
7.5 HIGH
CVE-2017-11591
all versions
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service at
7.5 HIGH
CVE-2017-11553
all versions
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to
7.5 HIGH
CVE-2017-11340
all versions
There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will
6.5 MEDIUM
CVE-2017-11339
all versions
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will le
6.5 MEDIUM
CVE-2017-11338
all versions
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to
6.5 MEDIUM
CVE-2017-11337
all versions
There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a
6.5 MEDIUM
CVE-2017-11336
all versions
There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will l
6.5 MEDIUM
CVE-2017-9953
all versions
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead t
7.5 HIGH
CVE-2017-9239
all versions
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0
6.5 MEDIUM
CVE-2014-9449
all versions
Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denia
CVE-2008-2696
all versions
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero va
CVE-2007-6353
< 0.16
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file
CVE-2005-4676
all versions
Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allow
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin