exifreader
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting exifreaderpage 1 of 1
- CVE-2026-8813HIGHCVSS 7.5EG 7.5✓ Fixed in 4.39.02026-05-19
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the sam…
- CVE-2026-8814MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.39.02026-05-19
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When …
Check whether exifreader is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for exifreader CVEs against the assets you own.
Start Free Scan →