CNNVD-202508-3567 Information
CNNVD ID
CNNVD-202508-3567
Related CVE
- CNNVD Published: 2025-08-29
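Description (translated from Chinese)
Exiv2 is a C++ library and command-line application for managing image metadata, developed by individual developer Andreas Huggel. The product provides reading and writing of image metadata in multiple formats such as EXIF, IPTC and XMP. Exiv2 version 0.28.5 has a security vulnerability that stems from a quadratic algorithm problem in ICC profile parsing, which may lead to denial of service.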
Description (English)
Exiv2 is a C++ library and command-line application for managing image metadata, developed by individual developer Andreas Huggel. The product supports reading and writing image metadata in various formats such as EXIF, IPTC and XMP. Exiv2 version 0.28.5 contains a security vulnerability that stems from a quadratic algorithm problem in the parsing of ICC profiles, which may lead to denial of service.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-08-29
Last Modified
2026-02-24
References
https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g
https://github.com/Exiv2/exiv2/pull/3345
https://github.com/Exiv2/exiv2/pull/3335
https://github.com/Exiv2/exiv2/issues/3333
https://vigilance.fr/vulnerability/Exiv2-overload-via-jpegBase-readMetadata-48101
https://nvd.nist.gov/vuln/detail/CVE-2025-55304