CVE-2026-8814 – ExifReader PNG zTXt Data Amplification Vulnerability

CVE ID :CVE-2026-8814

Published : May 19, 2026, 5 a.m. | 2 hours ago

Description :Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…