Integer Overflow or Wraparound Affecting exiv2 package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.3% (54th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-EXIV2-10075627
  • published8 May 2025
  • disclosed8 Nov 2018
  • creditUnknown

Introduced: 8 Nov 2018

CVE-2018-19107  (opens in a new tab)
CWE-125  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

There is no fixed version for exiv2.

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

CVSS Base Scores

version 3.1