CVE-2026-27631

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df	Patch
https://github.com/Exiv2/exiv2/issues/3513	Issue Tracking
https://github.com/Exiv2/exiv2/pull/3514	Issue Tracking Patch
https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

History

05 Mar 2026, 12:31

Type	Values Removed	Values Added
First Time		Exiv2 exiv2 Exiv2
CPE		cpe:2.3:a:exiv2:exiv2::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~() https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df -~~	() https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df - Patch
References	~~() https://github.com/Exiv2/exiv2/issues/3513 -~~	() https://github.com/Exiv2/exiv2/issues/3513 - Issue Tracking
References	~~() https://github.com/Exiv2/exiv2/pull/3514 -~~	() https://github.com/Exiv2/exiv2/pull/3514 - Issue Tracking, Patch
References	~~() https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j -~~	() https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j - Patch, Vendor Advisory

02 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-02 20:16

Updated : 2026-03-05 12:31

NVD link : CVE-2026-27631

Mitre link : CVE-2026-27631

CVE.ORG link : CVE-2026-27631

JSON object : View

Products Affected

exiv2

exiv2

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2026-27631", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-02T20:16:27.390", "references": [{"url": "https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/issues/3513", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/pull/3514", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8."}], "lastModified": "2026-03-05T12:31:24.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FCFF025-C0AB-444E-9B45-351EE6AC735A", "versionEndIncluding": "0.28.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}