Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

SUSE exiv2 Moderate DoS Integer Overflow Security Update 2026-2584-1

suse
Calendar Grey June 23, 2026
Scroller Suse
Four key vulnerabilities fixed in exiv2 security update for SUSE Linux, addressing critical issues. Install updates immediately.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for exiv2 fixes the following issues * CVE-2021-34334: DoS due to integer overflow in loop counter (bsc#1189338). * CVE-2026-25884: out-of-bounds read in `CrwMap: decode0x0805` (bsc#1259083). * CVE-2026-27596: integer overflow in `LoaderNative: getData()` leads to out- of-bounds read (bsc#1259084). * CVE-2026-27631: crash due to uncaught exception when trying to create `std: vector` larger than `max_size()` (bsc#1259085). Changes for exiv2: * Minor bugs and fixes * Other improvements * exivsimple has array index errors when stripping quotes form TIFF parser,Binary array elements should be decoded using the Add option -K Key (--key Key) to specify one or more keys to "exiv2 -eX" followed by "exiv2 -iX" produces invalid XMP

References

* bsc#1189338

* bsc#1259083

* bsc#1259084

* bsc#1259085

Cross-

* CVE-2021-34334

* CVE-2026-25884

* CVE-2026-27596

* CVE-2026-27631

CVSS scores:

* CVE-2021-34334 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2021-34334 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2026-25884 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2026-25884 ( NVD ): 2.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2584-1
Release Date: 2026-06-23T13:27:50Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.