Denial-of-Service Vulnerability in Exiv2 Library Affects Multiple Versions
CVE-2025-55304

1.8 LOW

Key Information:

Vendor: Exiv2

Status
Vendor
CVE Published: 29 August 2025

What is CVE-2025-55304?

The Exiv2 library, a popular C++ utility for handling image metadata, exhibits a denial-of-service vulnerability in version 0.28.5. A flaw in the ICC profile parsing process can lead to excessive resource consumption when processing specially crafted JPEG files, causing significant delays. This issue has been addressed in version 0.28.6. Users of Exiv2 are advised to upgrade promptly to mitigate potential disruptions.

Affected Version(s)

exiv2 < 0.28.6

CVSS V4

Score: 1.8
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved