Security Advisory

CVE-2026-8814

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-19 05:00:09

Last updated 2026-05-19 13:11:48

Assigner snyk

State PUBLISHED

Description

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.

← Browse all CVEs View on cve.org ↗