Out-of-Bounds Read Vulnerability in Exiv2 C++ Image Metadata Library
CVE-2025-54080

1.8LOW

Key Information:

Vendor

Exiv2

Status
Vendor
CVE Published:
29 August 2025

What is CVE-2025-54080?

Exiv2, a C++ library for managing image metadata, is susceptible to an out-of-bounds read vulnerability when processing carefully crafted image files. This issue arises specifically during the metadata writing operation, potentially leading to a denial of service by crashing the Exiv2 utility if exploited. Users are recommended to update to version 0.28.6 or later to mitigate this vulnerability and enhance application stability.

Affected Version(s)

exiv2 < 0.28.6

References

CVSS V4

Score:
1.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-54080 : Out-of-Bounds Read Vulnerability in Exiv2 C++ Image Metadata Library