Nixpkgs security tracker
Activity log
- Created suggestion
Exiv2: Uncaught exception - cannot create std::vector larger than max_size()
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
References
-
https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j x_refsource_CONFIRM
-
https://github.com/Exiv2/exiv2/issues/3513 x_refsource_MISC
-
https://github.com/Exiv2/exiv2/pull/3514 x_refsource_MISC
Affected products
- ==< 0.28.8
Matching in nixpkgs
pkgs.exiv2
Library and command-line utility to manage image metadata
pkgs.gexiv2
GObject wrapper around the Exiv2 photo metadata library
pkgs.libsForQt5.libkexiv2
None
pkgs.kdePackages.libkexiv2
Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP
pkgs.python312Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5
pkgs.python313Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
-
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5
pkgs.python314Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
pkgs.plasma5Packages.libkexiv2
None
pkgs.python312Packages.py3exiv2
Python binding to the library exiv2
-
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0
pkgs.python313Packages.py3exiv2
Python binding to the library exiv2
-
nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
-
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0
pkgs.python314Packages.py3exiv2
Python binding to the library exiv2
-
nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
Package maintainers
-
@wegank Weijia Wang <contact@weijia.wang>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>
-
@vinymeuh VinyMeuh <vinymeuh@gmail.com>