Exiv2: Multiple Vulnerabilities Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a crash via Denial of Service. exiv2 2026-03-09 2026-03-09 942164 970828 remote 0.28.8 0.28.8

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images.

The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a Denial of Service via a crash of the program. Please review the CVE identifiers referenced below for details.

The following is a possible outcome: data leakage via an out-of-bounds read or a Denial of Service via a crash of the program.

Avoid using the CLI tool, exiv2, with untrusted files.

All Exiv2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.8" CVE-2024-39695 CVE-2026-25884 CVE-2026-27596 CVE-2026-27631 GHSA-3wgv-fg4w-75x7 GHSA-9mxq-4j5g-5wrp GHSA-p2pw-7935-c73j csfore csfore