- What: Multiple vulnerabilities in Exiv2 library
- Impact: Potential DoS and data leakage via untrusted files
Synopsis

Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a Denial of Service via a crash of the program.

Affected packages

| Package | Affected versions | Unaffected versions |
| --- | --- | --- |
| media-gfx/exiv2 (all architectures) | < 0.28.8 | >= 0.28.8 |

Background

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images.

Description

The following vulnerabilities have been discovered in Exiv2: two out-of-bounds reads, an integer overflow, and an uncaught exception. The worst of these can lead to a Denial of Service via a crash of the program. Please review the CVE identifiers referenced below for details.

Impact

The following is a possible outcome: data leakage via an out-of-bounds read, or a Denial of Service via a crash of the program.

Workaround

Avoid using the CLI tool, exiv2, with untrusted files.

Resolution

All Exiv2 users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.8"
```

References

- CVE-2024-39695
- CVE-2026-25884
- CVE-2026-27596
- CVE-2026-27631
- GHSA-3wgv-fg4w-75x7
- GHSA-9mxq-4j5g-5wrp
- GHSA-p2pw-7935-c73j

Release date: March 09, 2026
Latest revision: March 09, 2026: 1
Severity: low
Exploitable: remote
Bugzilla entries: 942164, 970828
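To check a fleet of hosts against the affected range above before and after the upgrade, the following POSIX sh script is an added example (not part of the advisory or of Gentoo's tooling). It compares a Gentoo package version string against the fixed version 0.28.8 and, when run on a Gentoo host, scans the installed-package database under /var/db/pkg; the helper names and the treatment of `-rN` revision suffixes are assumptions of this example.

```shell
#!/bin/sh
# Added example: is an installed media-gfx/exiv2 version inside the "< 0.28.8"
# range from this advisory? Versions are expected in Gentoo form, e.g. "0.28.7"
# or "0.28.7-r2"; the -rN revision suffix is ignored (assumption: the fix has
# no revision, so any revision of 0.28.7 is still affected).

FIXED_VERSION="0.28.8"

# vercmp_lt A B: return 0 if A < B, 1 otherwise, comparing dotted numeric
# components left to right; missing components count as 0.
vercmp_lt() {
    a=${1%%-r*}   # strip Gentoo revision suffix
    b=${2%%-r*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; bc=${b%%.*}
        ac=${ac:-0};  bc=${bc:-0}
        [ "$ac" -lt "$bc" ] && return 0
        [ "$ac" -gt "$bc" ] && return 1
        case $a in *.*) a=${a#*.};; *) a="";; esac
        case $b in *.*) b=${b#*.};; *) b="";; esac
    done
    return 1   # versions are equal, so not "less than"
}

# exiv2_affected VERSION: report the verdict; return 0 if affected, 1 if not.
exiv2_affected() {
    if vercmp_lt "$1" "$FIXED_VERSION"; then
        echo "media-gfx/exiv2-$1: AFFECTED (upgrade to >=media-gfx/exiv2-$FIXED_VERSION)"
        return 0
    fi
    echo "media-gfx/exiv2-$1: unaffected"
    return 1
}

# On a Gentoo host, every installed package has a directory
# /var/db/pkg/<category>/<name>-<version>; scan it for exiv2 (no-op elsewhere).
for d in /var/db/pkg/media-gfx/exiv2-*; do
    [ -d "$d" ] || continue
    exiv2_affected "${d##*/exiv2-}" || :
done
```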