AZL-78527

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78527.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78527

Upstream

CVE-2026-27631

Published

2026-03-02T20:16:27Z

Modified

2026-04-01T05:23:16.131536Z

Summary

CVE-2026-27631 affecting package exiv2 0.28.3-1

Details

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-27631

Affected packages

Azure Linux:3 / exiv2

Package

Name: exiv2
Purl: pkg:rpm/azure-linux/exiv2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.28.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78527.json"