FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

exiv2 -- Denial-of-service

Affected packages
exiv2 < 0.28.6

Details

VuXML ID 340dc4c1-895a-11f0-b6e5-4ccc6adda413
Discovery 2025-08-29
Entry 2025-09-04

Kevin Backhouse reports:

A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file.

[source]

References

CVE Name CVE-2025-55304
URL https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.