The vulnerability exists in libexif version 0.6.25 and earlier during MakerNotes decoding. If the function exif_mnote_data_get_value receives a size of zero, an integer underflow occurs, allowing a caller‑supplied buffer to be overwritten. Key detail from vendor description: "If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in‑buffer would be overwritten due to an integer underflow." This weakness is identified as CWE‑191 and can lead to memory corruption. Based on the description, it is inferred that an attacker who can control EXIF data may trigger the overwrite, potentially enabling arbitrary code execution if the corruption affects executable code. The primary impact is therefore a buffer overwrite that could compromise confidentiality, integrity, or availability of the affected process.

The affected product is the libexif library, version 0.6.25 and all earlier releases. Any application or system that incorporates libexif 0.6.25 or older is vulnerable. This includes software that parses EXIF metadata from images or other media files. The vulnerability is not limited to any specific vendor; it applies to all distributions of libexif up to the stated version.

The CVSS score is 7.4, indicating a high severity. The EPSS score is below 1%, suggesting a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be local or remote via the injection of malicious EXIF data, such as by uploading a crafted image file. Exploitation requires providing the vulnerable input to a component that decodes MakerNotes, so the threat is greatest for software that accepts user‑supplied images without validating or sanitizing EXIF information.