Metrics
Affected Vendors & Products
Tue, 02 Sep 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
cvssV3_1
|
Sun, 31 Aug 2025 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Exiv2
Exiv2 exiv2 |
|
Vendors & Products |
Exiv2
Exiv2 exiv2 |
Sat, 30 Aug 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 29 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 29 Aug 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6. | |
Title | Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file | |
Weaknesses | CWE-125 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-29T14:58:23.574Z
Reserved: 2025-07-16T13:22:18.207Z
Link: CVE-2025-54080

Updated: 2025-08-29T14:58:14.778Z

Status : Analyzed
Published: 2025-08-29T15:15:35.613
Modified: 2025-09-02T13:29:38.163
Link: CVE-2025-54080


Updated: 2025-08-31T08:41:37Z