CVE Alert

CVE-2026-25884

UNKNOWN 0.0

Exiv2: Out-of-bounds read in CrwMap::decode0x0805

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Exiv2 is a C++ library and command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Versions prior to 0.28.8 contain an out-of-bounds read in the CRW image parser. The issue is patched in version 0.28.8.

CWE: CWE-125
Vendor: exiv2
Product: exiv2
Published: Mar 2, 2026
Last Updated: Mar 2, 2026

Affected Versions

Exiv2 / exiv2: < 0.28.8

References

github.com: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp
github.com: https://github.com/Exiv2/exiv2/pull/3462
github.com: https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d