Suggestions search

All statuses

Filter by:

With package: exiv2

Found 3 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-27631

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- gexiv2
- libsForQt5.libkexiv2
- kdePackages.libkexiv2
- python312Packages.exiv2
- python313Packages.exiv2
- python314Packages.exiv2
- plasma5Packages.libkexiv2
- python312Packages.py3exiv2
- python313Packages.py3exiv2
- python314Packages.py3exiv2
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

Exiv2: Uncaught exception - cannot create std::vector larger than max_size()

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/issues/3513 x_refsource_MISC
https://github.com/Exiv2/exiv2/pull/3514 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7

Ignored packages (10)

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2

pkgs.python312Packages.exiv2

None

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

None

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>

Upstream advisory: https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j
Upstream patch: https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df

Published

Permalink CVE-2026-27596

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- gexiv2
- libsForQt5.libkexiv2
- kdePackages.libkexiv2
- python312Packages.exiv2
- python313Packages.exiv2
- python314Packages.exiv2
- plasma5Packages.libkexiv2
- python312Packages.py3exiv2
- python313Packages.py3exiv2
- python314Packages.py3exiv2
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7 x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/issues/3511 x_refsource_MISC
https://github.com/Exiv2/exiv2/pull/3512 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4 x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7

Ignored packages (10)

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2

pkgs.python312Packages.exiv2

None

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

None

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>

Upstream advisory: https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7
Upstream patch: https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4

Published

Permalink CVE-2026-25884

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- gexiv2
- libsForQt5.libkexiv2
- kdePackages.libkexiv2
- python312Packages.exiv2
- python313Packages.exiv2
- python314Packages.exiv2
- plasma5Packages.libkexiv2
- python312Packages.py3exiv2
- python313Packages.py3exiv2
- python314Packages.py3exiv2
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

Exiv2: Out-of-bounds read in CrwMap::decode0x0805

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/pull/3462 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7

Ignored packages (10)

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2

pkgs.python312Packages.exiv2

None

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

None

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>

Upstream advisory: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp
Upstream patch: https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d