Skip to main content

Libexif EUVDEUVD-2026-12345

| CVE-2026-32775 HIGH
Integer Underflow (CWE-191)
2026-03-16 mitre
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Updated
Apr 21, 2026 - 14:15 vuln.today
v1 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 14:07 vuln.today
cvss_changed
EUVD ID Assigned
Mar 16, 2026 - 07:00 euvd
EUVD-2026-12345
Analysis Generated
Mar 16, 2026 - 07:00 vuln.today
CVE Published
Mar 16, 2026 - 06:31 nvd
HIGH 7.4

DescriptionCVE.org

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

AnalysisAI

Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF data in image files. The flaw occurs when exif_mnote_data_get_value receives a zero-size parameter, triggering a buffer overflow that can lead to arbitrary code execution or information disclosure. No active exploitation confirmed (CISA KEV absent), but upstream commit 7df372e exists. EPSS score of 0.01% suggests low widespread exploitation likelihood, though the high-complexity local attack vector (CVSS AV:L/AC:H) limits real-world risk to scenarios where attackers control image file inputs processed by affected applications.

Technical ContextAI

libexif is a widely-deployed C library for parsing EXIF metadata embedded in JPEG and other image formats, used by image viewers, editors, photo management software, and content processing pipelines. The vulnerability resides in the MakerNote parsing logic - proprietary vendor-specific EXIF extensions used by camera manufacturers. CWE-191 (Integer Underflow) occurs when exif_mnote_data_get_value performs arithmetic on a zero-size value without proper bounds checking, causing an integer wrap-around that results in a larger-than-intended memory operation. This leads to a buffer overflow condition where attacker-controlled data from a crafted image file overwrites adjacent memory regions. The CPE identifier cpe:2.3:a:libexif:libexif applies to the library itself, but exploitation impact extends to all downstream applications linking against vulnerable versions - including GNOME gThumb, KDE digiKam, GIMP, and server-side image processing services.

RemediationAI

Upgrade to libexif version newer than 0.6.25 once the maintainers release a tagged version incorporating commit 7df372e9d31d7c993a22b913c813a5f7ec4f3692, which addresses the integer underflow in exif_mnote_data_get_value. The upstream fix is available at https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692 and can be backported by Linux distributions or compiled from the main branch for immediate remediation in critical environments. Until official releases propagate through distribution channels, implement compensating controls: configure image processing applications to reject files with MakerNote tags if business logic permits (trade-off: loss of camera-specific metadata), deploy mandatory access control policies (SELinux/AppArmor) to sandbox image parsing processes with no-new-privs and restricted filesystem access (trade-off: operational complexity and potential breakage of legitimate write operations), or preprocess uploads through a separate validation service that strips EXIF data entirely using an alternative parser like exiftool or ImageMagick's identify with resource limits (trade-off: metadata loss and added latency). For server-side deployments, container isolation with minimal capabilities and read-only root filesystems mitigates post-exploitation impact but does not prevent the initial memory corruption. Monitor vendor advisories at the GitHub repository for official patch release announcements.

CVE-2017-7544 CRITICAL POC
9.1 Sep 21

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in l

CVE-2020-13112 CRITICAL
9.1 May 21

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exp

CVE-2012-2841 HIGH
7.5 Jul 13

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6

CVE-2012-2814 HIGH
7.5 Jul 13

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.

CVE-2020-13113 HIGH
8.2 May 21

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploit

CVE-2012-2840 HIGH
7.5 Jul 13

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif

CVE-2020-0198 HIGH
7.5 Jun 11

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high se

CVE-2020-0181 HIGH
7.5 Jun 11

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated

CVE-2020-13114 HIGH
7.5 May 21

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

CVE-2012-2836 MEDIUM
6.4 Jul 13

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remot

CVE-2012-2812 MEDIUM
6.4 Jul 13

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows rem

CVE-2012-2813 MEDIUM
6.4 Jul 13

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allo

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-12345 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy