CVE-2026-27631

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df	Patch
https://github.com/Exiv2/exiv2/issues/3513	Issue Tracking
https://github.com/Exiv2/exiv2/pull/3514	Issue Tracking Patch
https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-02 20:16

Updated : 2026-03-05 12:31

NVD link : CVE-2026-27631

Mitre link : CVE-2026-27631

CVE.ORG link : CVE-2026-27631

JSON object : View

Products Affected

exiv2

exiv2

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2026-27631", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-02T20:16:27.390", "references": [{"url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/issues/3513", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/pull/3514", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8."}, {"lang": "es", "value": "Exiv2 es una librer\u00eda de C++ y una utilidad de l\u00ednea de comandos para leer, escribir, eliminar y modificar metadatos de imagen Exif, IPTC, XMP e ICC. Antes de la versi\u00f3n 0.28.8, se encontr\u00f3 una excepci\u00f3n no capturada en Exiv2. La vulnerabilidad est\u00e1 en el componente de vista previa, que solo se activa al ejecutar Exiv2 con un argumento adicional de l\u00ednea de comandos, como -pp. Debido a un desbordamiento de entero, el c\u00f3digo intenta crear un std::vector enorme, lo que provoca que Exiv2 falle con una excepci\u00f3n no capturada. Este problema ha sido parcheado en la versi\u00f3n 0.28.8."}], "lastModified": "2026-03-05T12:31:24.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FCFF025-C0AB-444E-9B45-351EE6AC735A", "versionEndIncluding": "0.28.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}