SUSE exiv2 Moderate DoS Integer Overflow Security Update 2026-2584-1

suse

June 23, 2026

An update that solves four vulnerabilities can now be installed.

Summary

## This update for exiv2 fixes the following issues * CVE-2021-34334: DoS due to integer overflow in loop counter (bsc#1189338). * CVE-2026-25884: out-of-bounds read in `CrwMap: decode0x0805` (bsc#1259083). * CVE-2026-27596: integer overflow in `LoaderNative: getData()` leads to out- of-bounds read (bsc#1259084). * CVE-2026-27631: crash due to uncaught exception when trying to create `std: vector` larger than `max_size()` (bsc#1259085). Changes for exiv2: * Minor bugs and fixes * Other improvements * exivsimple has array index errors when stripping quotes form TIFF parser,Binary array elements should be decoded using the Add option -K Key (--key Key) to specify one or more keys to "exiv2 -eX" followed by "exiv2 -iX" produces invalid XMP

Topics Covered

security advisory moderate SuSE DoS integer overflow exiv2

References

* bsc#1189338

* bsc#1259083

* bsc#1259084

* bsc#1259085

Cross-

* CVE-2021-34334

* CVE-2026-25884

* CVE-2026-27596

* CVE-2026-27631

CVSS scores:

* CVE-2021-34334 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2021-34334 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-25884 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2026-25884 ( NVD ): 2.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity

moderate

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:2584-1

Release Date: 2026-06-23T13:27:50Z

Rating: moderate

Topics Covered

security advisory moderate SuSE DoS integer overflow exiv2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE exiv2 Moderate DoS Integer Overflow Security Update 2026-2584-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE exiv2 Moderate DoS Integer Overflow Security Update 2026-2584-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!