CVE-2026-27596
Published: 02 March 2026
Summary
CVE-2026-27596 is a low-severity Out-of-bounds Read (CWE-125) vulnerability in Exiv2. Its CVSS base score is 2.7 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 19.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-27596 is an out-of-bounds read vulnerability (CWE-125, CWE-191) in the preview component of Exiv2, a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC image metadata. The flaw affects Exiv2 versions prior to 0.28.8 and manifests as a read operation at a 4GB offset, which typically results in a crash.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over a network with low complexity, no privileges, and no user interaction. Attackers can trigger it by supplying a malicious image file to a target system running the Exiv2 command-line utility with a specific argument such as -pp, achieving denial-of-service through application termination.
Exiv2 developers patched the issue in version 0.28.8. Official references include the fixing commit at https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4, the issue report at https://github.com/Exiv2/exiv2/issues/3511, the pull request at https://github.com/Exiv2/exiv2/pull/3512, and the security advisory at https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9262
Vulnerability details
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds read in the Exiv2 preview component causes an application crash (denial of service) when a malicious image is processed via the CLI; this directly matches the Application or System Exploitation sub-technique for endpoint denial of service.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): mandates timely flaw remediation by applying patches, directly addressing this out-of-bounds read vulnerability, which is fixed in Exiv2 version 0.28.8.
- SI-16 (Memory Protection): implements memory protection mechanisms such as address space layout randomization and stack canaries to limit the impact of out-of-bounds reads in the Exiv2 preview component.
- SI-10 (Information Input Validation): requires validation of information inputs, such as untrusted image files, to block the malformed metadata that triggers the 4GB-offset out-of-bounds read.