exifreader 4.1.1

Direct Vulnerabilities

Known vulnerabilities in the exifreader package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Handling of Highly Compressed Data (Data Amplification) exifreader is a Library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory. How to fix Improper Handling of Highly Compressed Data (Data Amplification)? Upgrade `exifreader` to version 4.39.0 or higher.	<4.39.0
H Improper Validation of Specified Quantity in Input exifreader is a Library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion. How to fix Improper Validation of Specified Quantity in Input? Upgrade `exifreader` to version 4.39.0 or higher.	<4.39.0

Vulnerability

Vulnerable Version

Improper Handling of Highly Compressed Data (Data Amplification)

exifreader is a Library that parses Exif metadata in images.

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.

How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

Upgrade exifreader to version 4.39.0 or higher.

<4.39.0

Improper Validation of Specified Quantity in Input

exifreader is a Library that parses Exif metadata in images.

Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.

How to fix Improper Validation of Specified Quantity in Input?

Upgrade exifreader to version 4.39.0 or higher.

<4.39.0

exifreader@4.1.1

Library that parses Exif metadata in images.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically