{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25884", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-06T21:08:39.129Z", "datePublished": "2026-03-02T19:41:21.157Z", "dateUpdated": "2026-03-02T20:15:22.706Z"}, "containers": {"cna": {"title": "Exiv2: Out-of-bounds read in CrwMap::decode0x0805", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"}, {"name": "https://github.com/Exiv2/exiv2/pull/3462", "tags": ["x_refsource_MISC"], "url": "https://github.com/Exiv2/exiv2/pull/3462"}, {"name": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d", "tags": ["x_refsource_MISC"], "url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d"}], "affected": [{"vendor": "Exiv2", "product": "exiv2", "versions": [{"version": "< 0.28.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-02T19:41:21.157Z"}, "descriptions": [{"lang": "en", "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."}], "source": {"advisory": "GHSA-9mxq-4j5g-5wrp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T20:15:01.199664Z", "id": "CVE-2026-25884", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T20:15:22.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25884", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T20:15:01.199664Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T20:15:16.160Z"}}], "cna": {"title": "Exiv2: Out-of-bounds read in CrwMap::decode0x0805", "source": {"advisory": "GHSA-9mxq-4j5g-5wrp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "Exiv2", "product": "exiv2", "versions": [{"status": "affected", "version": "< 0.28.8"}]}], "references": [{"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp", "name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Exiv2/exiv2/pull/3462", "name": "https://github.com/Exiv2/exiv2/pull/3462", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d", "name": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-02T19:41:21.157Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25884", "state": "PUBLISHED", "dateUpdated": "2026-03-02T20:15:22.706Z", "dateReserved": "2026-02-06T21:08:39.129Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-02T19:41:21.157Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E856F04-2C58-41F7-8F09-6313FD6A0D53", "versionEndExcluding": "0.28.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."}], "id": "CVE-2026-25884", "lastModified": "2026-03-05T12:32:39.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-02T20:16:26.560", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Exiv2/exiv2/pull/3462"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Exiv2: Exiv2: Denial of service via out-of-bounds read in CRW image parser", "id": "2443992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443992"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8."], "name": "CVE-2026-25884", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-exiv2-023", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "compat-exiv2-026", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "exiv2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-02T19:41:21Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25884\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25884\nhttps://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d\nhttps://github.com/Exiv2/exiv2/pull/3462\nhttps://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp"], "statement": "This LOW impact vulnerability in Exiv2, an image metadata library, involves an out-of-bounds read within its CRW image parser. Exploitation requires processing a specially crafted CRW image file.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.28.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "exiv2", "source": "cna", "vendor": "Exiv2"}, "product": "exiv2", "vendor": "exiv2"}], "analysis": {"en": {"generated_at": "2026-04-18T10:07:26.302007+00:00", "value": {"mitigation_remediation": ["Upgrade Exiv2 to version 0.28.8 or newer to patch the out\u2011of\u2011bounds read vulnerability.", "If an upgrade is not immediately feasible, recompile code to exclude CRW support or disable CRW parsing in the application configuration.", "Implement a temporary policy to reject or sanitize CRW files until the library is upgraded."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Vulnerable versions are any releases of the Exiv2 library prior to 0.28.8. Applications, utilities, or services that rely on this library to handle CRW images\u2014such as image editors, metadata processors, or automated media ingestion pipelines\u2014could be impacted. The exact scope depends on the systems that use older Exiv2 binaries or source code.", "description_and_impact": "The vulnerability occurs when Exiv2 parses CRW image files, where the internal CrwMap::decode0x0805 function performs an out\u2011of\u2011bounds read. This allows an adversary to read unintended data from memory, potentially leaking sensitive information such as metadata or other data residing in the process address space. The weakness is classified as CWE\u2011125, a classic out\u2011of\u2011bounds read that can expose confidential data but does not allow arbitrary code execution or privilege escalation based on the current evidence.", "risk_and_exploitability": "The CVSS score of 2.7 indicates low overall impact, and the EPSS score of less than 1 percent suggests a very low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would likely need to supply a crafted CRW file to the vulnerable application, inferring that the primary attack vector is local file input or potentially remote if the application accepts user\u2011supplied image data over a network. No known exploit code is publicly available, and the condition requires the parser to be invoked with the specific malformed data referenced in the patch commit."}}}}, "created": "2026-03-03T08:41:00.978491+00:00", "updated": "2026-04-18T10:15:25.871999+00:00", "vendors": ["exiv2", "exiv2$PRODUCT$exiv2"]}