QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-54080

Back to search

CVE-2025-54080

Published: Aug 29, 2025

Modified: Aug 29, 2025

PUBLISHED

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.

VendorProductVersions

Exiv2

exiv2

affected
< 0.28.6

Weaknesses (CWE)

CWE-125

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now