Exiv2: Multiple Vulnerabilities — GLSA 202603-01

Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a crash via Denial of Service.

Affected packages

Background

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images.

Description

The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a Denial of Service via a crash of the program. Please review the CVE identifiers referenced below for details.

Impact

The following is a possible outcome: data leakage via an out-of-bounds read or a Denial of Service via a crash of the program.

Workaround

Avoid using the CLI tool, exiv2, with untrusted files.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.8"
 

References

• CVE-2024-39695
• CVE-2026-25884
• CVE-2026-27596
• CVE-2026-27631
• GHSA-3wgv-fg4w-75x7
• GHSA-9mxq-4j5g-5wrp
• GHSA-p2pw-7935-c73j

Release date
March 09, 2026

Latest revision
March 09, 2026: 1

Severity
low

Exploitable
remote

Bugzilla entries

• 942164
• 970828