Tue, 02 Sep 2025 22:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Exiv2 Exiv2 exiv2 | |
| CPEs | cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:* | |
| Vendors & Products | Exiv2 Exiv2 exiv2 | |
| Metrics | cvssV3_1 | cvssV3_1 |
Wed, 14 May 2025 03:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat Redhat enterprise Linux | |
| CPEs | cpe:/o:redhat:enterprise_linux:10.0 | |
| Vendors & Products | Redhat Redhat enterprise Linux | |
Wed, 19 Feb 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Wed, 19 Feb 2025 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity | cvssV3_1 |
Tue, 18 Feb 2025 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
| Title | Use After Free in Exiv2 | |
| Weaknesses | CWE-416 | |
| References |  | |
| Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-02-18T19:24:31.701Z
Updated: 2025-02-19T15:15:44.716Z
Reserved: 2025-02-12T14:51:02.719Z
Link: CVE-2025-26623
Vulnrichment
Updated: 2025-02-19T14:44:12.845Z
NVD
Status: Analyzed
Published: 2025-02-18T20:15:33.153
Modified: 2025-09-02T21:37:53.757
Link: CVE-2025-26623
Redhat