CVE-2026-8814 – ExifReader PNG zTXt Data Amplification Vulnerability

CVE ID :CVE-2026-8814

Published : May 19, 2026, 5 a.m. | 2 hours ago

Description :Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8830 – Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

CVE-2025-15609 – Fortis For WooCommerce < 1.3.1 – Sensitive API Key Disclosure

CVE-2026-47308 – Samsung Open Source Walrus NULL Pointer Dereference Vulnerability

CVE-2026-32994 – Slack API Autotranslate Message ID Information Disclosure Vulnerability