Suggestions search

Untriaged

Filter by:

With package: python312Packages.exiv2

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-27596

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Exiv2: Integer Underflow in LoaderNative::getData() Causes Heap Buffer Overflow

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7 x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/issues/3511 x_refsource_MISC
https://github.com/Exiv2/exiv2/pull/3512 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4 x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7
nixos-25.11 0.28.7
- nixos-25.11-small 0.28.7
- nixpkgs-25.11-darwin 0.28.7

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6
nixos-25.11 0.14.6
- nixos-25.11-small 0.14.6
- nixpkgs-25.11-darwin 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.python312Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

Python binding to the library exiv2

nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>
@vinymeuh VinyMeuh <vinymeuh@gmail.com>

Permalink CVE-2026-27631

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Exiv2: Uncaught exception - cannot create std::vector larger than max_size()

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-p2pw-7935-c73j x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/issues/3513 x_refsource_MISC
https://github.com/Exiv2/exiv2/pull/3514 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/659db316eef745899a778a1e0b760a971d1b69df x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7
nixos-25.11 0.28.7
- nixos-25.11-small 0.28.7
- nixpkgs-25.11-darwin 0.28.7

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6
nixos-25.11 0.14.6
- nixos-25.11-small 0.14.6
- nixpkgs-25.11-darwin 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.python312Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

Python binding to the library exiv2

nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>
@vinymeuh VinyMeuh <vinymeuh@gmail.com>

Permalink CVE-2026-25884

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Exiv2: Out-of-bounds read in CrwMap::decode0x0805

References

https://github.com/Exiv2/exiv2/security/advisories/GHSA-9mxq-4j5g-5wrp x_refsource_CONFIRM
https://github.com/Exiv2/exiv2/pull/3462 x_refsource_MISC
https://github.com/Exiv2/exiv2/commit/cbba4d206512fe63e12d164fdd1881562f072a9d x_refsource_MISC

Affected products

exiv2

==< 0.28.8

Matching in nixpkgs

pkgs.exiv2

Library and command-line utility to manage image metadata

nixos-unstable 0.28.7
- nixpkgs-unstable 0.28.7
- nixos-unstable-small 0.28.7
nixos-25.11 0.28.7
- nixos-25.11-small 0.28.7
- nixpkgs-25.11-darwin 0.28.7

pkgs.gexiv2

GObject wrapper around the Exiv2 photo metadata library

nixos-unstable 0.14.6
- nixpkgs-unstable 0.14.6
- nixos-unstable-small 0.14.6
nixos-25.11 0.14.6
- nixos-25.11-small 0.14.6
- nixpkgs-25.11-darwin 0.14.6

pkgs.libsForQt5.libkexiv2

None

pkgs.kdePackages.libkexiv2

Wrapper around Exiv2 library to manipulate picture metadata as EXIF and XMP

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.python312Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python313Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0
nixos-25.11 exiv2-0.17.5
- nixos-25.11-small exiv2-0.17.5
- nixpkgs-25.11-darwin exiv2-0.17.5

pkgs.python314Packages.exiv2

Low level Python interface to the Exiv2 C++ library

nixos-unstable exiv2-0.18.0
- nixpkgs-unstable exiv2-0.18.0
- nixos-unstable-small exiv2-0.18.0

pkgs.plasma5Packages.libkexiv2

None

pkgs.python312Packages.py3exiv2

Python binding to the library exiv2

nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python313Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0
nixos-25.11 py3exiv2-0.12.0
- nixos-25.11-small py3exiv2-0.12.0
- nixpkgs-25.11-darwin py3exiv2-0.12.0

pkgs.python314Packages.py3exiv2

Python binding to the library exiv2

nixos-unstable py3exiv2-0.12.0
- nixpkgs-unstable py3exiv2-0.12.0
- nixos-unstable-small py3exiv2-0.12.0

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@zebreus Lennart Eichhorn <lennarteichhorn+nixpkgs@gmail.com>
@vinymeuh VinyMeuh <vinymeuh@gmail.com>