CVE-2026-27631
Integer Overflow in Exiv2 Preview Component Causes Crash
Publication date: 2026-03-02
Last updated on: 2026-03-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| exiv2 | exiv2 | < 0.28.8 (fixed in 0.28.8) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | Uncaught Exception: an exception is thrown from a function, but it is not caught. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27631 is a low-severity vulnerability in the preview component of the Exiv2 library, reachable from the command line with the print-preview option (-pp).
The bug is an integer overflow while parsing the size of a PSD image-resource block: the overflowed value is used to construct a std::vector larger than its maximum allowable size, the resulting exception is never caught, and Exiv2 aborts.
The issue was found by fuzz testing and is fixed in Exiv2 0.28.8, which adds size checks on resource data during PSD resource-block parsing so the overflow cannot occur.
How can this vulnerability impact me?
A specially crafted PSD file makes Exiv2 crash as soon as the preview component is asked to process it.
The crash is an uncaught exception: the overflowed size makes Exiv2 attempt to allocate an excessively large vector.
The impact is limited to denial of service (the process aborts), but any application or service that uses Exiv2 to extract previews or metadata from untrusted images inherits the crash, which can mean instability or service interruptions for that application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The reliable check is the installed version: any Exiv2 before 0.28.8 is affected, and `exiv2 --version` prints the version string. Reproducing the crash is only a confirmation step and belongs on a test host, not a production system, because a successful trigger is itself a denial of service.
The crash is reproduced by running Exiv2 with the print-preview option (-pp) on a crafted PSD file; well-formed PSD files do not trigger it.
The project's regression tests use a proof-of-concept file (issue_3513_poc.psd) for exactly this purpose, so it can double as a detection fixture.
The advisory gives no detection commands; the command the regression test implies is:
- exiv2 -pp <path_to_test_psd_file>
If the process aborts with an uncaught exception instead of printing a preview list or a clean error, the build is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade Exiv2 to version 0.28.8 or later, where the vulnerability is patched.
The patch adds strict bounds checking on the size of the native preview resource, so an oversized size field is rejected before it can overflow and drive an allocation.
If upgrading immediately is not possible, do not generate previews (the -pp path, or the equivalent preview API in applications that embed the library) for untrusted or malformed PSD files.
Alternatively, backport the fix from pull request #3514 or the corresponding commit; it mitigates the issue by enforcing size limits and preventing the unsafe operations.
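The size check that the description (the overflow) and the mitigation (the bounds check) refer to, shown in a small C++ parser written for this page. It is an added example, not Exiv2's code: the block layout follows the PSD image-resource format ("8BIM", 16-bit id, Pascal-string name padded to an even length, 32-bit big-endian size, data), while the resource ids and the sample bytes are constructed. With `hardened=false` the check computes `offset + size` in 32-bit arithmetic, which wraps for a size of 0xFFFFFFFF and lets the block through to an allocation that would throw; with `hardened=true` the size is compared against the bytes remaining, so the file is rejected with a catchable error instead.

```cpp
// Illustrative PSD image-resource-block parser (not Exiv2's code) showing an
// overflow-prone bounds check next to a hardened one.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

static uint16_t rd16be(const std::vector<uint8_t>& b, size_t p) {
    return static_cast<uint16_t>((b[p] << 8) | b[p + 1]);
}

static uint32_t rd32be(const std::vector<uint8_t>& b, size_t p) {
    return (static_cast<uint32_t>(b[p]) << 24) | (static_cast<uint32_t>(b[p + 1]) << 16) |
           (static_cast<uint32_t>(b[p + 2]) << 8) | static_cast<uint32_t>(b[p + 3]);
}

struct ResourceBlock {
    uint16_t id;        // resource id from the block header
    uint32_t size;      // declared size of the resource data (attacker controlled)
    size_t dataOffset;  // where the data starts in the buffer
};

// Walks an image-resource section and returns one entry per accepted block.
std::vector<ResourceBlock> parsePsdResources(const std::vector<uint8_t>& buf, bool hardened) {
    std::vector<ResourceBlock> blocks;
    const size_t total = buf.size();
    size_t pos = 0;
    while (pos + 12 <= total) {  // smallest header: 4 sig + 2 id + 2 (empty name) + 4 size
        if (std::string(buf.begin() + pos, buf.begin() + pos + 4) != "8BIM")
            throw std::runtime_error("bad resource signature");
        const uint16_t id = rd16be(buf, pos + 4);
        // Pascal string: length byte + chars, padded so the whole name is even-sized.
        const size_t nameBytes = (static_cast<size_t>(buf[pos + 6]) + 2) & ~static_cast<size_t>(1);
        const size_t sizePos = pos + 6 + nameBytes;
        if (sizePos + 4 > total) throw std::runtime_error("truncated resource header");
        const uint32_t size = rd32be(buf, sizePos);
        const size_t dataPos = sizePos + 4;  // <= total, guaranteed by the check above

        if (hardened) {
            // Compare against what remains; no addition that can wrap.
            if (size > total - dataPos) throw std::runtime_error("resource size exceeds section");
        } else {
            // Overflow-prone pattern: a 32-bit offset plus an attacker-controlled
            // size wraps, so a huge size passes this check and a later
            // std::vector<uint8_t>(size) throws; if nothing catches it, the process aborts.
            const uint32_t end = static_cast<uint32_t>(dataPos) + size;
            if (end > total) throw std::runtime_error("resource size exceeds section");
        }
        blocks.push_back({id, size, dataPos});
        pos = dataPos + ((static_cast<size_t>(size) + 1) & ~static_cast<size_t>(1));  // data is even-padded
    }
    return blocks;
}

// Constructed sample section: one benign 2-byte block, then a block whose size
// field is 0xFFFFFFFF with no data behind it. Resource ids are illustrative.
std::vector<uint8_t> craftedSection() {
    return {
        '8', 'B', 'I', 'M', 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 'a', 'b',
        '8', 'B', 'I', 'M', 0x04, 0x0C, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
    };
}

// The naive check accepts the 4 GiB-declared block (and would then try to allocate it).
bool naiveAcceptsCrafted() {
    return parsePsdResources(craftedSection(), false).size() == 2;
}

// The hardened check rejects the same file with an exception the caller can handle.
bool hardenedRejectsCrafted() {
    try {
        parsePsdResources(craftedSection(), true);
    } catch (const std::runtime_error&) {
        return true;
    }
    return false;
}

int main() {
    std::cout << std::boolalpha
              << "naive check accepts crafted block: " << naiveAcceptsCrafted() << '\n'
              << "hardened check rejects it:         " << hardenedRejectsCrafted() << '\n';
    return 0;
}
```

The hardened branch is the shape of check worth looking for when reviewing parsers of length-prefixed formats: subtract the current offset from the total and compare the untrusted length against the remainder, rather than adding the length to the offset and comparing the sum. The subtraction cannot wrap because the offset is already known to be within the buffer.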