CNNVD-202508-3568 Information
CNNVD ID
CNNVD-202508-3568
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
Exiv2是Andreas Huggel个人开发者的一套用于管理图像元数据的C++库和命令行应用程序。该产品提供了读取和写入EXIF、IPTC和XMP等多种格式图像元数据的功能。 Exiv2 0.28.5及之前版本存在缓冲区错误漏洞,该漏洞源于越界读取,可能导致拒绝服务。
Description (English)
Exiv2 is a set of C++ libraries and command line applications used by Andreas Huggel personal developers to manage image metadata. The product provides access to and write to image metadata in various formats such as EXIF, IPTC and XMP. Exiv2 0.28.5 and previous versions had an error loophole in the buffer zone, which originated in cross-border access and could lead to the denial of services.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
个人开发者
Published
2025-08-29
Last Modified
2026-02-24
References
https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39 https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0 https://nvd.nist.gov/vuln/detail/CVE-2025-54080 https://vigilance.fr/vulnerability/Exiv2-out-of-bounds-memory-reading-via-Metadata-Into-48100