CVE-2026-27631
Awaiting Analysis Awaiting Analysis - Queue
Integer Overflow in Exiv2 Preview Component Causes Crash

Publication date: 2026-03-02

Last updated on: 2026-03-05

Assigner: GitHub, Inc.

Description
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27631
EUVD
EUVD-2026-9263
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
exiv2 exiv2 to 0.28.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27631 is a low-severity vulnerability in the Exiv2 library, specifically in the preview component triggered by using an extra command line argument such as -pp.

The issue arises from an integer overflow that causes the program to attempt to create a std::vector larger than its maximum allowable size, which leads to an uncaught exception and causes Exiv2 to crash.

This vulnerability was discovered through fuzz testing and is fixed in Exiv2 version 0.28.8 by adding checks that enforce size limits on resource data to prevent integer overflow during PSD resource block parsing.

Impact Analysis

The vulnerability can cause Exiv2 to crash unexpectedly when processing specially crafted input files with the preview component enabled.

This crash results from an uncaught exception triggered by an integer overflow leading to an attempt to allocate an excessively large vector.

While the impact is limited to denial of service (application crash), it could affect applications or systems relying on Exiv2 for image metadata processing, potentially causing instability or service interruptions.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by testing if the Exiv2 version in use is vulnerable (prior to 0.28.8) and by attempting to trigger the crash using the preview component with an extra command line argument such as -pp.

A practical detection method involves running Exiv2 with the -pp argument on PSD files, especially crafted or malformed ones, to see if the program crashes due to an uncaught exception caused by integer overflow.

There is a proof-of-concept PSD file (issue_3513_poc.psd) used in regression tests to trigger this vulnerability and verify detection.

While no explicit commands are provided, you can run the following command to test for the vulnerability on your system:

  • exiv2 -pp <path_to_test_psd_file>

If the program crashes or throws an uncaught exception, it indicates the presence of the vulnerability.

Mitigation Strategies

The immediate mitigation step is to upgrade Exiv2 to version 0.28.8 or later, where the vulnerability has been patched.

The patch introduces strict bounds checking on the size of the native preview resource to prevent integer overflow and subsequent crashes.

If upgrading immediately is not possible, avoid running Exiv2 with the -pp argument on untrusted or malformed PSD files to reduce the risk of triggering the vulnerability.

Additionally, applying the patch from pull request #3514 or the corresponding commit can mitigate the issue by enforcing size limits and preventing unsafe operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27631. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart