CVE-2026-25884
Status: Awaiting Analysis
Out-of-Bounds Read in Exiv2 CRW Image Parser

Publication date: 2026-03-02

Last updated on: 2026-03-05

Assigner: GitHub, Inc.

Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Meta Information
Published: 2026-03-02
Last Modified: 2026-03-05
Generated: 2026-05-07
AI Q&A: 2026-03-02
EPSS Evaluated: 2026-05-05
Sources: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor   Product   Version / Range
exiv2    exiv2     up to 0.28.8 (excluding)
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25884 is an out-of-bounds read vulnerability in the Exiv2 library, specifically in the CRW image parser within the function CrwMap::decode0x0805. The vulnerability occurs because the function attempts to create a string from image metadata without properly checking the buffer boundaries, which can cause it to read beyond the allocated memory buffer.

This improper bounds checking happens when reading data from a buffer until a null byte is found, but the function may read past the buffer's end, leading to undefined behavior or potential security issues. The issue was identified through fuzz testing and fixed by modifying the code to ensure the string is constructed using the exact size of the data, preventing out-of-bounds access. [1, 2, 3]
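The following is an added illustration of the bug class described above, not Exiv2's own code: a fixed-size metadata field that carries no NUL terminator is turned into a std::string once via the raw-pointer constructor (which scans for a NUL and so reads past the field) and once via the pointer-plus-length constructor (the shape of fix the answer describes). The function names decodeTagUnbounded, decodeTagBounded and tagWithinBuffer and the byte array kSampleFile are hypothetical; the sample bytes are constructed so that the over-read stays inside a larger allocation and the program can be run safely.

```cpp
// Added example (hypothetical, not Exiv2 code): CWE-125 via std::string
// construction from a non-NUL-terminated metadata field.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed sample buffer: bytes 0..7 are one tag value whose length (8)
// is known from the container, not from a terminator. The first NUL only
// appears at index 12, inside the bytes of the following field.
static const std::vector<uint8_t> kSampleFile = {
    'C', 'a', 'n', 'o', 'n', ' ', 'E', 'O',        // tag value, 8 bytes, no NUL
    'S', ' ', '5', 'D', 0x00, 0x00, 0x00, 0x00     // bytes of the next field
};

// Vulnerable pattern: the declared size is ignored and the std::string
// constructor scans for a NUL, continuing past the end of the field.
// In a real parser the scan can leave the allocation entirely.
std::string decodeTagUnbounded(const uint8_t* data, std::size_t /*size*/) {
    return std::string(reinterpret_cast<const char*>(data));
}

// Fixed pattern: construct from exactly `size` bytes, so no terminator
// search happens and nothing outside [data, data + size) is touched.
std::string decodeTagBounded(const uint8_t* data, std::size_t size) {
    return std::string(reinterpret_cast<const char*>(data), size);
}

// Defensive check a parser should run before decoding any field: the
// declared (offset, size) pair must lie entirely inside the bytes that
// were actually read. Written to avoid integer overflow in the sum.
bool tagWithinBuffer(std::size_t offset, std::size_t size, std::size_t bufferSize) {
    return offset <= bufferSize && size <= bufferSize - offset;
}

int main() {
    const std::size_t tagSize = 8;
    std::string unbounded = decodeTagUnbounded(kSampleFile.data(), tagSize);
    std::string bounded = decodeTagBounded(kSampleFile.data(), tagSize);
    std::cout << "unbounded: \"" << unbounded << "\" (" << unbounded.size() << " bytes)\n";
    std::cout << "bounded:   \"" << bounded << "\" (" << bounded.size() << " bytes)\n";
    std::cout << "tag fits in buffer: " << std::boolalpha
              << tagWithinBuffer(0, tagSize, kSampleFile.size()) << "\n";
    return 0;
}
```

Running it shows the unbounded decode returning 12 bytes for an 8-byte field, which is the over-read the advisory describes; in the constructed sample those extra bytes happen to be valid memory, but a crafted file can place the field at the end of the buffer so that the same scan runs off the allocation.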


How can this vulnerability impact me?

This vulnerability can lead to undefined behavior when processing specially crafted CRW image files, potentially causing the Exiv2 library or applications using it to read memory beyond the intended buffer.

While the bug is considered minor and has a low severity rating, out-of-bounds reads can sometimes be exploited to cause crashes or leak sensitive information, depending on the context in which the library is used.

However, this specific vulnerability has only been reproducible via fuzz testing and not through the standard Exiv2 command-line application, which reduces the likelihood of exploitation in typical use cases.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability in Exiv2 (CVE-2026-25884) is an out-of-bounds read in the CRW image parser that is reproducible only via fuzz testing and not through the standard exiv2 command-line application.

Detection through normal command-line usage is not effective because the bug does not reproduce with standard commands.

A regression test exists that runs Exiv2 on a specially crafted .crw file (issue_ghsa_9mxq_4j5g_5wrp.crw) to verify the fix, but this is part of the test suite and not a general detection command.

No specific detection commands for live systems or networks are provided.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in Exiv2 version 0.28.8.

The immediate mitigation step is to upgrade Exiv2 to version 0.28.8 or later, which includes the patch that properly bounds checks the buffer read in the CRW image parser.

Avoid processing untrusted or specially crafted CRW image files with vulnerable versions of Exiv2.

