Mattias Wallander

2 exploits Active since May 2026
CVE-2026-8813 WRITEUP HIGH WRITEUP
exifreader < 4.39.0 - Denial of Service via ICC mluc Tag Parsing
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
CVSS 7.5
CVE-2026-8814 WRITEUP MEDIUM WRITEUP
Exifreader < 4.39.0 - Improper Handling of Highly Compressed Data (Data Amplification)
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.
CVSS 5.3