pkg:PyPI/exiv2

17 total CVEs: CRITICAL 1, HIGH 3, MEDIUM 13

All known vulnerabilities

  • CRITICAL 9.8 CVE-2025-26623: Exiv2 allows Use After Free
    >= 0.28.0, < 0.28.5
  • HIGH 8.8 CVE-2023-44398: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.
    from 0, < e884a0955359107f4031c74a07406df7e99929a5 | from 0
  • HIGH 7.8 CVE-2020-18831: Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of servic…
    from 0
  • HIGH 7.5 CVE-2021-31292: An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of…
    from 0
  • MEDIUM 6.5 CVE-2020-18899: An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of se…
    from 0
  • MEDIUM 6.5 CVE-2019-13114: http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by ret…
  • MEDIUM 6.5 CVE-2018-20096: There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3.
    from 0
  • MEDIUM 6.5 CVE-2018-20097: There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3.
    from 0
  • MEDIUM 6.5 CVE-2018-20099: There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3.
    from 0
  • MEDIUM 6.5 CVE-2018-20098: There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3.
    from 0
  • MEDIUM 6.5 CVE-2017-9239: exiv2 - security update
    from 0
  • MEDIUM 5.5 CVE-2025-55304: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
    from 0, <= 0.17.3
  • MEDIUM 5.5 CVE-2025-54080: Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
    from 0, <= 0.17.3
  • MEDIUM 5.5 CVE-2024-25112: Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
    >= 0.16.0, < 0.16.1
  • MEDIUM 5.5 CVE-2024-25112: Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
    >= 0.16.0, < 0.16.1
  • MEDIUM 5.5 CVE-2024-24826: Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
    >= 0.16.0, < 0.16.1
  • MEDIUM 5.5 CVE-2024-24826: Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
    >= 0.16.0, < 0.16.1