Skip to main content

Libexif

16 CVEs product

Monthly

CVE-2026-32775 HIGH PATCH This Week

Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF data in image files. The flaw occurs when exif_mnote_data_get_value receives a zero-size parameter, triggering a buffer overflow that can lead to arbitrary code execution or information disclosure. No active exploitation confirmed (CISA KEV absent), but upstream commit 7df372e exists. EPSS score of 0.01% suggests low widespread exploitation likelihood, though the high-complexity local attack vector (CVSS AV:L/AC:H) limits real-world risk to scenarios where attackers control image file inputs processed by affected applications.

Information Disclosure Integer Overflow Libexif
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2020-0198 HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +3
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-0181 HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-13113 HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Libexif Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2020-13114 HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libexif Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-13112 CRITICAL PATCH Act Now

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libexif Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.7%
CVE-2020-0093 MEDIUM PATCH This Month

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android Debian Linux +3
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-12767 MEDIUM PATCH This Month

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Libexif Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2017-7544 CRITICAL POC Act Now

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libexif
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2012-2841 HIGH This Week

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Libexif
NVD
CVSS 2.0
7.5
EPSS
5.4%
CVE-2012-2840 HIGH This Week

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Libexif
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2012-2837 MEDIUM This Month

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libexif
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2012-2836 MEDIUM This Month

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD
CVSS 2.0
6.4
EPSS
2.4%
CVE-2012-2814 HIGH This Week

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libexif
NVD
CVSS 2.0
7.5
EPSS
4.4%
CVE-2012-2813 MEDIUM This Month

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD
CVSS 2.0
6.4
EPSS
0.9%
CVE-2012-2812 MEDIUM This Month

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD
CVSS 2.0
6.4
EPSS
0.9%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Integer underflow in libexif 0.6.25 and earlier allows local attackers to overwrite memory via crafted MakerNote EXIF data in image files. The flaw occurs when exif_mnote_data_get_value receives a zero-size parameter, triggering a buffer overflow that can lead to arbitrary code execution or information disclosure. No active exploitation confirmed (CISA KEV absent), but upstream commit 7df372e exists. EPSS score of 0.01% suggests low widespread exploitation likelihood, though the high-complexity local attack vector (CVSS AV:L/AC:H) limits real-world risk to scenarios where attackers control image file inputs processed by affected applications.

Information Disclosure Integer Overflow Libexif
NVD GitHub VulDB
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +3
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Libexif Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libexif Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libexif +3
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure +5
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Libexif Debian Linux +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libexif
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Libexif
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Libexif
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libexif
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libexif
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy