Nixpkgs security tracker
Activity log
- Created suggestion
Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
References
-
https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7 x_refsource_CONFIRM
-
https://github.com/Exiv2/exiv2/issues/3511 x_refsource_MISC
-
https://github.com/Exiv2/exiv2/pull/3512 x_refsource_MISC
Affected products
- ==< 0.28.8
Matching in nixpkgs
pkgs.exiv2
Library and command-line utility to manage image metadata
pkgs.gexiv2
GObject wrapper around the Exiv2 photo metadata library
pkgs.libsForQt5.libkexiv2
None
pkgs.kdePackages.libkexiv2
Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP
pkgs.python312Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5
pkgs.python313Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
-
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5
pkgs.python314Packages.exiv2
Low level Python interface to the Exiv2 C++ library
-
nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
pkgs.plasma5Packages.libkexiv2
None
pkgs.python312Packages.py3exiv2
Python binding to the library exiv2
-
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0
pkgs.python313Packages.py3exiv2
Python binding to the library exiv2
-
nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
-
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0
pkgs.python314Packages.py3exiv2
Python binding to the library exiv2
-
nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
Package maintainers
-
@wegank Weijia Wang <contact@weijia.wang>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>
-
@vinymeuh VinyMeuh <vinymeuh@gmail.com>