CVE-2026-25884
Awaiting Analysis Awaiting Analysis - Queue
Out-of-Bounds Read in Exiv2 CRW Image Parser

Publication date: 2026-03-02

Last updated on: 2026-03-05

Assigner: GitHub, Inc.

Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25884
EUVD
EUVD-2026-9259
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
exiv2 exiv2 to 0.28.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-25884 is an out-of-bounds read vulnerability in the Exiv2 library, specifically in the CRW image parser within the function CrwMap::decode0x0805. The vulnerability occurs because the function attempts to create a string from image metadata without properly checking the buffer boundaries, which can cause it to read beyond the allocated memory buffer.'}, {'type': 'paragraph', 'content': "This improper bounds checking happens when reading data from a buffer until a null byte is found, but the function may read past the buffer's end, leading to undefined behavior or potential security issues. The issue was identified through fuzz testing and fixed by modifying the code to ensure the string is constructed using the exact size of the data, preventing out-of-bounds access."}] [1, 2, 3]

Impact Analysis

This vulnerability can lead to undefined behavior when processing specially crafted CRW image files, potentially causing the Exiv2 library or applications using it to read memory beyond the intended buffer.

While the bug is considered minor and has a low severity rating, out-of-bounds reads can sometimes be exploited to cause crashes or leak sensitive information, depending on the context in which the library is used.

However, this specific vulnerability has only been reproducible via fuzz testing and not through the standard Exiv2 command-line application, which reduces the likelihood of exploitation in typical use cases.

Compliance Impact

I don't know

Detection Guidance

The vulnerability in Exiv2 (CVE-2026-25884) is an out-of-bounds read in the CRW image parser that is reproducible only via fuzz testing and not through the standard exiv2 command-line application.

Detection through normal command-line usage is not effective because the bug does not reproduce with standard commands.

A regression test exists that runs Exiv2 on a specially crafted .crw file (issue_ghsa_9mxq_4j5g_5wrp.crw) to verify the fix, but this is part of the test suite and not a general detection command.

No specific detection commands for live systems or networks are provided.

Mitigation Strategies

The vulnerability has been fixed in Exiv2 version 0.28.8.

The immediate mitigation step is to upgrade Exiv2 to version 0.28.8 or later, which includes the patch that properly bounds checks the buffer read in the CRW image parser.

Avoid processing untrusted or specially crafted CRW image files with vulnerable versions of Exiv2.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25884. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart