NIXPKGS-2026-0495

GitHub issue published 3 months, 3 weeks ago

Permalink CVE-2026-27631

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- gexiv2
- libsForQt5.libkexiv2
- kdePackages.libkexiv2
- python312Packages.exiv2
- python313Packages.exiv2
- python314Packages.exiv2
- plasma5Packages.libkexiv2
- python312Packages.py3exiv2
- python313Packages.py3exiv2
- python314Packages.py3exiv2
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

Exiv2: Uncaught exception - cannot create std::vector larger than max_size()

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/issues/3513 x_refsource_MISC
https://github.com/Exiv2/exiv2/pull/3514 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7

Ignored packages (10)

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2

pkgs.python312Packages.exiv2

None

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

None

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>

Upstream advisory: https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j
Upstream patch: https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0495

References

Affected products

Matching in nixpkgs

pkgs.exiv2

pkgs.gexiv2

pkgs.libsForQt5.libkexiv2

pkgs.kdePackages.libkexiv2

pkgs.python312Packages.exiv2

pkgs.python313Packages.exiv2

pkgs.python314Packages.exiv2

pkgs.plasma5Packages.libkexiv2

pkgs.python312Packages.py3exiv2

pkgs.python313Packages.py3exiv2

pkgs.python314Packages.py3exiv2

Package maintainers