Denial-of-Service Vulnerability in Exiv2 Library Affects Multiple Versions
CVE-2025-55304
1.8 LOW
What is CVE-2025-55304?
The Exiv2 library, a popular C++ utility for handling image metadata, exhibits a denial-of-service vulnerability in version 0.28.5. A flaw in the ICC profile parsing process can lead to excessive resource consumption when processing specially crafted JPEG files, causing significant delays. This issue has been addressed in version 0.28.6. Users of Exiv2 are advised to upgrade promptly to mitigate potential disruptions.
Affected Version(s)
exiv2 < 0.28.6