
Integer overflow in LoaderNative::getData() causes out-of-bounds read

Low
kevinbackhouse published GHSA-3wgv-fg4w-75x7 Mar 1, 2026

Package

exiv2 (C/C++)

Affected versions

0.28.7

Patched versions

0.28.8

Description

Impact

An out-of-bounds read was found in Exiv2 version v0.28.7. The vulnerable code is in the preview component, which is only reached when Exiv2 is run with an extra command-line argument such as -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. More details can be found in #3511.
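
As an added illustration of the weakness class this advisory names (wraparound feeding an out-of-bounds read), not exiv2's LoaderNative::getData() code: a hypothetical PreviewHeader whose offset exceeds the buffer makes a 32-bit unsigned subtraction wrap to a length near 4 GB, shown beside the range check that rejects such a header before any read.

```cpp
#include <cstdint>
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Hypothetical preview record: a header field says where the preview data
// starts inside the file and how long it is. This models the weakness class
// (CWE-191 wraparound leading to CWE-125 out-of-bounds read); it is not
// exiv2's LoaderNative::getData().
struct PreviewHeader {
    uint32_t offset;  // claimed start of preview data within the file
    uint32_t size;    // claimed length of the preview data
};

// Weak pattern: 32-bit unsigned subtraction with no prior range check.
// When offset > fileSize the difference wraps to a value near 4 GB, so a
// later read of that many bytes runs far past the buffer.
uint32_t unsafeRemaining(uint32_t fileSize, uint32_t offset) {
    return fileSize - offset;  // wraps for offset > fileSize
}

// Hardened check: reject the offset before subtracting, then verify the
// declared size fits in what actually remains.
bool previewInBounds(size_t fileSize, const PreviewHeader& h) {
    if (h.offset > fileSize) return false;   // subtraction would wrap
    size_t remaining = fileSize - h.offset;  // cannot wrap now
    return h.size <= remaining;
}

// Returns the preview bytes only when the header is consistent with the
// buffer; otherwise throws instead of reading out of bounds.
std::vector<uint8_t> getPreview(const std::vector<uint8_t>& file,
                                const PreviewHeader& h) {
    if (!previewInBounds(file.size(), h))
        throw std::out_of_range("preview offset/size exceeds file");
    return std::vector<uint8_t>(file.begin() + h.offset,
                                file.begin() + h.offset + h.size);
}

int main() {
    // Constructed 100-byte "file" whose header points one byte past the end.
    std::vector<uint8_t> file(100, 0xAB);
    PreviewHeader bad{101, 1};
    std::cout << "wrapped length: " << unsafeRemaining(100, bad.offset) << "\n";
    std::cout << "in bounds: " << previewInBounds(file.size(), bad) << "\n";
    return 0;
}
```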

Patches

The bug is fixed in version v0.28.8. It is fixed by #3512.

For more information

Please see our security policy for information about Exiv2 security.

Credit

This bug was found by @zerojackyi.

Severity

Low

CVE ID

CVE-2026-27596

Weaknesses

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
