Cyber Resilience

CVE-2026-27596

Severity: Low

Published: 02 March 2026
Modified: 05 March 2026
KEV Added: not listed
Patch: available (fixed in Exiv2 0.28.8)
CVSS Score (v4.0): 2.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (19.3rd percentile)
Risk Priority: 5 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-27596 is a low-severity Out-of-bounds Read (CWE-125) vulnerability in the Exiv2 library and command-line utility (vendor Exiv2, product Exiv2). Its CVSS v4.0 base score, which this page uses for its severity rating, is 2.7 (Low). A separate CVSS v3.1 score of 7.5 (High) is also recorded for the same flaw (see Deeper analysis); the two vectors disagree on whether the crash counts as an availability impact, so do not rely on the headline "Low" alone when prioritising.

Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 19.3rd percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), in practice upgrading to Exiv2 0.28.8 or later, and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-27596 is an out-of-bounds read vulnerability (CWE-125, with an integer underflow, CWE-191, as the root cause) in the preview component of Exiv2, a C++ library and command-line utility for reading, writing, deleting and modifying Exif, IPTC, XMP and ICC image metadata. The flaw affects Exiv2 versions prior to 0.28.8 and manifests as a read at an offset of roughly 4 GB, which usually results in a crash. An offset of that size is consistent with the CWE-191 classification: an unsigned 32-bit subtraction that has wrapped around yields a value just below 2^32, which the reader then treats as a position in the file.

The vulnerability also carries a CVSS v3.1 base score of 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: a malicious file can be delivered over the network and processed without privileges or user interaction, and the sole impact is to availability. That score differs sharply from the CVSS v4.0 score of 2.7 shown above, whose vector records no availability impact (VA:N); the v3.1 vector is the one that reflects a crash. The trigger is narrow in practice: an attacker supplies a crafted image file to a system that then runs the Exiv2 command-line utility on it with a preview-related option such as -pp, and the process terminates (denial of service). Teams that embed the library and exercise its preview component from their own code should review the fixing commit to determine whether the same code path is reachable from their calls.

Exiv2 developers patched the issue in version 0.28.8. Official references include the fixing commit at https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4, the issue report at https://github.com/Exiv2/exiv2/issues/3511, the pull request at https://github.com/Exiv2/exiv2/pull/3512, and the security advisory at https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7.
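As an added illustration (not Exiv2's code and not its on-disk format), the following C++ shows the pattern behind a "4GB offset": an unsigned 32-bit subtraction that wraps when one header field exceeds another, beside a checked version that refuses the underflow and performs the range check in 64-bit arithmetic. The PreviewEntry layout, the field names and the helper functions are assumptions made for this example, and the sample file bytes are constructed inline.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed toy container, NOT Exiv2's on-disk layout: the first 12 bytes hold
// three little-endian uint32 fields describing where the preview data lives.
//   image_start : offset of the embedded image within the file
//   header_len  : length of a header that precedes the preview data
//   data_len    : length of the preview data
// The preview data is assumed to start at image_start - header_len.
struct PreviewEntry {
    uint32_t image_start;
    uint32_t header_len;
    uint32_t data_len;
};

enum class Status { Ok, Underflow, OutOfBounds, Truncated };

static uint32_t rd32le(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

static bool parse_entry(const std::vector<uint8_t>& file, PreviewEntry& e) {
    if (file.size() < 12) return false;
    e.image_start = rd32le(&file[0]);
    e.header_len  = rd32le(&file[4]);
    e.data_len    = rd32le(&file[8]);
    return true;
}

// Vulnerable pattern (CWE-191): if header_len > image_start the unsigned subtraction
// wraps and the "offset" becomes a value just under 2^32, i.e. about 4 GB past the
// start of the buffer. Dereferencing it is the out-of-bounds read (CWE-125).
static uint32_t unchecked_offset(const PreviewEntry& e) {
    return e.image_start - e.header_len;
}

// Hardened computation: refuse the underflow explicitly, then range-check in 64-bit
// arithmetic so that offset + data_len cannot wrap either.
static Status checked_offset(const PreviewEntry& e, size_t file_size, uint64_t& offset_out) {
    if (e.header_len > e.image_start) return Status::Underflow;
    uint64_t offset = uint64_t(e.image_start) - e.header_len;
    if (offset > file_size || uint64_t(e.data_len) > file_size - offset) return Status::OutOfBounds;
    offset_out = offset;
    return Status::Ok;
}

// Extracts the preview bytes, but only through the checked path.
static Status read_preview(const std::vector<uint8_t>& file, std::vector<uint8_t>& out) {
    PreviewEntry e{};
    if (!parse_entry(file, e)) return Status::Truncated;
    uint64_t offset = 0;
    Status st = checked_offset(e, file.size(), offset);
    if (st != Status::Ok) return st;
    auto begin = file.begin() + static_cast<std::ptrdiff_t>(offset);
    out.assign(begin, begin + static_cast<std::ptrdiff_t>(e.data_len));
    return Status::Ok;
}

// Builds a constructed sample file of `total` bytes carrying the given header fields.
static std::vector<uint8_t> make_file(uint32_t image_start, uint32_t header_len,
                                      uint32_t data_len, size_t total) {
    std::vector<uint8_t> f(total, 0xAB);
    uint32_t fields[3] = {image_start, header_len, data_len};
    for (size_t i = 0; i < 3; ++i)
        for (int k = 0; k < 4; ++k) f[i * 4 + k] = uint8_t(fields[i] >> (8 * k));
    return f;
}

int main() {
    // A crafted entry whose header_len exceeds image_start.
    PreviewEntry bad{16, 24, 8};
    std::printf("unchecked offset: 0x%08x (about 4 GB)\n", (unsigned)unchecked_offset(bad));
    std::vector<uint8_t> out;
    Status st = read_preview(make_file(16, 24, 8, 64), out);
    std::printf("checked read: %s\n", st == Status::Underflow ? "rejected (underflow)" : "other");
    return 0;
}
```

The checked version orders its tests deliberately: the underflow test comes first, because once the subtraction has wrapped, any later comparison is being done on garbage; the remaining test is written as `data_len > file_size - offset` rather than `offset + data_len > file_size` so that the addition itself cannot wrap.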


Vulnerability details

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

CWE(s)

CWE-125 Out-of-bounds Read
CWE-191 Integer Underflow (Wrap or Wraparound)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The out-of-bounds read in the Exiv2 preview component crashes the process (denial of service) when a malicious image is processed via the CLI; this directly matches the Application or System Exploitation sub-technique of Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25884 (same product: Exiv2 Exiv2)
CVE-2025-26623 (same product: Exiv2 Exiv2)
CVE-2026-23388 (shared CWE-125)
CVE-2025-24265 (shared CWE-125)
CVE-2026-25532 (shared CWE-191)
CVE-2025-21717 (shared CWE-125)
CVE-2026-34064 (shared CWE-191)
CVE-2026-6918 (shared CWE-125)
CVE-2026-25942 (shared CWE-125)
CVE-2024-46670 (shared CWE-125)

Affected Assets

exiv2 / exiv2
< 0.28.8 (fixed in 0.28.8, which is itself not affected)

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)

Mandates timely flaw remediation by applying patches; upgrading to Exiv2 0.28.8 or later removes the out-of-bounds read entirely. Check the version actually in use, including copies of the library vendored or statically linked into other applications, rather than assuming the distribution package is current.

SI-16 Memory Protection (prevent)

Implements memory protection mechanisms such as address space layout randomization and stack canaries. Caveat: these limit what an attacker can do with memory corruption but do not prevent this flaw from crashing the process, because a read roughly 4 GB past the buffer faults regardless of layout; the denial of service still occurs. Run metadata extraction on untrusted files in an isolated worker process or sandbox so that a crash does not take down the parent service.

SI-10 Information Input Validation (prevent)

Requires validation of information inputs such as image files from untrusted sources. Since the malformed metadata that produces the 4GB offset is only acted on by the preview code path, the practical control on an unpatched build is to avoid preview-related options (such as -pp) when processing untrusted files, and to reject or quarantine files whose metadata declares offsets or lengths that exceed the file size.
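An added example, not code from the Exiv2 project or from this page: a small C++ version gate that decides whether preview extraction (the -pp path the advisory names) may be run on untrusted input, based on whether the installed Exiv2 is 0.28.8 or later. The banner strings below are constructed samples in the shape "exiv2 X.Y.Z"; the exact output of exiv2 --version is not reproduced here, and distribution packages that backport the fix may report an older version string, so treat this as a first check rather than proof of exposure.

```cpp
#include <cctype>
#include <cstdio>
#include <string>
#include <tuple>

// Semantic version triple (major, minor, patch).
using Version = std::tuple<int, int, int>;

// First Exiv2 release that contains the fix for CVE-2026-27596 (from the advisory).
static const Version kFixedVersion{0, 28, 8};

// Extracts the first "X.Y.Z" triple from a version banner such as "exiv2 0.28.7"
// (constructed sample). Returns false if no triple is present.
static bool parse_version(const std::string& banner, Version& out) {
    for (size_t i = 0; i < banner.size(); ++i) {
        if (!std::isdigit(static_cast<unsigned char>(banner[i]))) continue;
        int a = 0, b = 0, c = 0;
        if (std::sscanf(banner.c_str() + i, "%d.%d.%d", &a, &b, &c) == 3) {
            out = Version{a, b, c};
            return true;
        }
        // Not a triple here: skip the rest of this digit run before trying again.
        while (i + 1 < banner.size() && std::isdigit(static_cast<unsigned char>(banner[i + 1]))) ++i;
    }
    return false;
}

// Tuple comparison, so "0.28.10" sorts above "0.28.8" (a plain string compare would not).
static bool is_fixed(const Version& v) { return v >= kFixedVersion; }

// Policy for untrusted image files: preview extraction is only permitted on a fixed build.
// An unparseable banner is reported as unknown rather than silently allowed.
enum class Policy { AllowPreview, DenyPreview, UnknownVersion };

static Policy preview_policy(const std::string& banner) {
    Version v;
    if (!parse_version(banner, v)) return Policy::UnknownVersion;
    return is_fixed(v) ? Policy::AllowPreview : Policy::DenyPreview;
}

int main() {
    // Constructed sample banners, not captured from a real exiv2 --version run.
    const char* samples[] = {"exiv2 0.28.7", "exiv2 0.28.8", "exiv2 0.28.10", "exiv2 unknown"};
    for (const char* s : samples) {
        Policy p = preview_policy(s);
        std::printf("%-16s -> %s\n", s,
                    p == Policy::AllowPreview ? "preview allowed"
                    : p == Policy::DenyPreview ? "preview DENIED (upgrade to 0.28.8+)"
                                               : "version unknown, treat as unpatched");
    }
    return 0;
}
```

Feed the first line of exiv2 --version into preview_policy before invoking the tool on untrusted input; a DenyPreview or UnknownVersion result should route the file through a worker that does not use preview options until the library has been upgraded.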
