QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-27631

Back to search

CVE-2026-27631

Published: Mar 2, 2026

Modified: Mar 2, 2026

PUBLISHED

Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

VendorProductVersions

Exiv2

exiv2

affected
< 0.28.8

Weaknesses (CWE)

CWE-248

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now