Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Published: 2026-03-02
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The Exiv2 library contains an integer underflow in LoaderNative::getData(), which leads to an out-of-bounds read at an offset of roughly 4 GB when the preview component is exercised, for example by running the exiv2 utility with the -pp flag. The read lands far outside the image buffer and typically crashes the process. The weakness is categorised as CWE-191 (integer underflow) leading to CWE-125 (out-of-bounds read).

Affected Systems

All builds of Exiv2 older than version 0.28.8 are affected. The vulnerable code lives in the preview component, which the command-line utility reaches only when a preview option such as -pp is given. The library is packaged for Linux, macOS and Windows, so any system that installs or compiles a vulnerable version and uses the preview option may be impacted.

Risk and Exploitability

The CVSS 4.0 score of 2.7 is Low, and the EPSS score of less than 1 % indicates a very low probability of real-world exploitation; the vulnerability is not listed in the CISA KEV catalog. Triggering the flaw requires a crafted image to be processed by Exiv2 with the preview option enabled, so an attacker needs a victim to run the tool (or a pipeline that runs it) on attacker-supplied input; note that both recorded CVSS vectors nonetheless score the attack vector as network (AV:N). NVD separately assigns a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), so readers relying on 3.1 scoring will see a High rating for the same crash. Because the only observed effect is a crash, the impact is a denial of service of the processing job, with limited strategic impact.

Generated by OpenCVE AI on April 16, 2026 at 14:16 UTC.

Remediation

Fixed upstream in Exiv2 0.28.8. No workaround is provided beyond not running the preview functionality (for example the -pp flag) on untrusted input.

OpenCVE Recommended Actions

  • Update Exiv2 to version 0.28.8 or newer, which contains the fix for the integer underflow in LoaderNative::getData().
  • If an immediate upgrade is not possible, do not invoke the preview functionality on untrusted images: omit the -pp flag (and any other preview option) when running exiv2, and remove it from any scripts that call the utility.
  • If you build Exiv2 from source and cannot yet take 0.28.8, patch the preview loader so that every computed offset is validated before a read: reject the case where the subtraction would wrap below zero, and verify that offset + length does not exceed the buffer size. That removes both the underflow and the out-of-bounds read.

Generated by OpenCVE AI on April 16, 2026 at 14:16 UTC.
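The following is an added illustration, not Exiv2's own code, of the bug class behind this CVE and of the check the recommended actions describe: an unchecked uint32_t subtraction in a preview loader wraps to just under 4 GB when a crafted file places the payload before the segment start, and a hardened version rejects the underflow and range-checks the read before copying. Every name here (ImageBuffer, PreviewRecord, planVulnerableRead, getPreviewChecked, the 64-byte sample image) is hypothetical and constructed for the example; none is an Exiv2 identifier.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Stand-in for the decoded image held in memory (constructed sample, not an
// Exiv2 type).
struct ImageBuffer {
    std::vector<uint8_t> bytes;
};

// Values a crafted file can control: where the preview segment begins and the
// absolute position and size of the preview payload. Names are hypothetical.
struct PreviewRecord {
    uint32_t segmentStart;
    uint32_t payloadPos;
    uint32_t payloadSize;
};

// What a read would do: the offset the loader computed, the length it would
// copy, and whether that range falls outside the buffer.
struct PlannedRead {
    uint32_t relativeOffset;
    uint32_t length;
    bool outOfBounds;
};

// Vulnerable pattern (CWE-191 leading to CWE-125): the payload position is
// converted to a segment-relative offset with an unchecked uint32_t
// subtraction. When a crafted file sets payloadPos < segmentStart the result
// wraps to just under 4 GB and a subsequent memcpy from bytes.data() + rel
// would read far beyond the heap allocation. This function only reports what
// the read would do; it never touches memory, so it is safe to run.
PlannedRead planVulnerableRead(const ImageBuffer& img, const PreviewRecord& rec) {
    uint32_t rel = rec.payloadPos - rec.segmentStart;  // wraps if payloadPos < segmentStart
    bool oob = static_cast<uint64_t>(rel) + rec.payloadSize > img.bytes.size();
    return { rel, rec.payloadSize, oob };
}

// Hardened pattern: reject the underflow explicitly, then verify that the whole
// [offset, offset + size) range lies inside the buffer using 64-bit arithmetic
// so the range check cannot itself overflow. Only then copy.
std::optional<std::vector<uint8_t>> getPreviewChecked(const ImageBuffer& img,
                                                      const PreviewRecord& rec) {
    if (rec.payloadPos < rec.segmentStart) return std::nullopt;   // would underflow
    uint32_t rel = rec.payloadPos - rec.segmentStart;
    uint64_t end = static_cast<uint64_t>(rel) + rec.payloadSize;
    if (end > img.bytes.size()) return std::nullopt;               // would overread
    return std::vector<uint8_t>(img.bytes.begin() + static_cast<std::ptrdiff_t>(rel),
                                img.bytes.begin() + static_cast<std::ptrdiff_t>(end));
}

// Constructed sample: a 64-byte "image" whose byte i holds the value i.
ImageBuffer sampleImage() {
    ImageBuffer img;
    img.bytes.resize(64);
    for (size_t i = 0; i < img.bytes.size(); ++i) img.bytes[i] = static_cast<uint8_t>(i);
    return img;
}

// Benign record: segment starts at 16, 8-byte payload at absolute position 24,
// so the relative offset is 8 and the copy covers bytes 8..15.
PreviewRecord benignRecord()  { return { 16, 24, 8 }; }

// Crafted record: payload position placed before the segment start, so
// payloadPos - segmentStart wraps to 0xFFFFFFF8 (about 4 GB).
PreviewRecord craftedRecord() { return { 16, 8, 8 }; }

int main() {
    ImageBuffer img = sampleImage();
    PlannedRead p = planVulnerableRead(img, craftedRecord());
    std::optional<std::vector<uint8_t>> ok  = getPreviewChecked(img, benignRecord());
    std::optional<std::vector<uint8_t>> bad = getPreviewChecked(img, craftedRecord());
    // Exit 0 when the crafted record is flagged as out of bounds, the benign
    // record is served, and the hardened path refuses the crafted one.
    return (p.outOfBounds && ok.has_value() && !bad.has_value()) ? 0 : 1;
}
```

The two checks in getPreviewChecked are both needed: the first stops the wrap, the second stops a payloadSize that is honest about the offset but lies about the length. Doing the range arithmetic in 64 bits is what keeps the second check from suffering the same class of bug it is meant to prevent.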

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 22:30:00 +0000

Type: CPEs
  Values Added: cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*
Type: Metrics
  Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 05 Mar 2026 12:15:00 +0000

Type: References
Type: Metrics
  Values Removed: threat_severity None
  Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; threat_severity Low


Wed, 04 Mar 2026 11:00:00 +0000

Type: First Time appeared
  Values Added: Exiv2; Exiv2 exiv2
Type: Vendors & Products
  Values Added: Exiv2; Exiv2 exiv2

Mon, 02 Mar 2026 21:15:00 +0000

Type: Metrics
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 19:45:00 +0000

Type: Description
  Values Added: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Type: Title
  Values Added: Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Type: Weaknesses
  Values Added: CWE-125; CWE-191
Type: References
Type: Metrics
  Values Added: cvssV4_0 {'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-02T20:25:31.790Z

Reserved: 2026-02-20T19:43:14.601Z

Link: CVE-2026-27596

Vulnrichment

Updated: 2026-03-02T20:25:20.476Z

NVD

Status : Analyzed

Published: 2026-03-02T20:16:27.217

Modified: 2026-03-05T22:16:24.193

Link: CVE-2026-27596

Redhat

Severity : Low

Public Date: 2026-03-02T19:40:48Z

Links: CVE-2026-27596 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T14:30:16Z

Weaknesses