CVE-2026-8813
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
19/05/2026
Last modified:
19/05/2026
Description
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
Impact
Base Score 4.0
7.70
Severity 4.0
HIGH
Base Score 3.x
7.50
Severity 3.x
HIGH



