Bep Imagemeta Denial-of-Service Vulnerability Due to Unrestricted EXIF Data Processing

Vulnerability

A denial-of-service vulnerability has been identified in the Bep Imagemeta library in versions prior to 0.10.0. The issue arises from the library's handling of EXIF data: a small, crafted payload can declare excessively large data structures, and the library processed them without any restriction on their size. This can be exploited to cause a denial of service, particularly where the input images are not trusted.

Impact

Exploitation of this vulnerability allows denial-of-service attacks in which the application is made unresponsive or excessively delayed, disrupting normal operations.

Remediation

Upgrade to Bep Imagemeta version 0.10.0 or later, which adds options to limit the number of tags processed and the size of tag values read. Update instructions are available in the Bep Imagemeta repository on GitHub.
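To make the remediation concrete, the following is an added example (not imagemeta's own code, and the Limits field names are this example's, not the library's options) of a minimal EXIF/TIFF IFD parser that enforces the two caps the advisory describes: a maximum number of tags and a maximum byte size per tag value. The input blobs are constructed in BuildSample; they are not real images. The key design point is that every declared count and size is checked against the limits and the input bounds before any allocation, so a 26-byte file claiming a multi-gigabyte tag value is rejected cheaply. When a decoder reads from a stream rather than a byte slice the total input length is not known up front, so a configured limit like MaxTagBytes is the only guard that still works.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Limits models the two caps the advisory describes for imagemeta >= 0.10.0:
// a maximum number of IFD entries (tags) to read, and a maximum byte size for
// any single tag value. Field names are this example's own, not the library's.
type Limits struct {
	MaxTags     int
	MaxTagBytes uint64
}

// Tag is one decoded IFD entry.
type Tag struct {
	ID, Type uint16
	Count    uint32
	Value    []byte
}

var (
	ErrTooManyTags = errors.New("ifd: tag count exceeds configured limit")
	ErrTagTooLarge = errors.New("ifd: tag value size exceeds configured limit")
	ErrTruncated   = errors.New("ifd: declared data lies outside the input")
)

// Byte width of each TIFF field type (BYTE, ASCII, SHORT, LONG, RATIONAL, ...).
var typeSize = map[uint16]uint64{1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

// ParseIFD0 decodes the first IFD of a little-endian TIFF/EXIF blob. Every
// declared size is checked against the limits and the input bounds BEFORE any
// allocation, so a tiny file claiming a huge tag is rejected without cost.
func ParseIFD0(buf []byte, lim Limits) ([]Tag, error) {
	le := binary.LittleEndian
	if len(buf) < 8 || buf[0] != 'I' || buf[1] != 'I' || le.Uint16(buf[2:]) != 42 {
		return nil, errors.New("ifd: not a little-endian TIFF header")
	}
	ifd := uint64(le.Uint32(buf[4:]))
	if ifd+2 > uint64(len(buf)) {
		return nil, ErrTruncated
	}
	n := int(le.Uint16(buf[ifd:]))
	if n > lim.MaxTags { // cap on tag count, checked before the slice is sized
		return nil, ErrTooManyTags
	}
	first := ifd + 2
	if first+uint64(n)*12 > uint64(len(buf)) {
		return nil, ErrTruncated
	}
	tags := make([]Tag, 0, n)
	for i := 0; i < n; i++ {
		e := buf[first+uint64(i)*12:]
		t := Tag{ID: le.Uint16(e), Type: le.Uint16(e[2:]), Count: le.Uint32(e[4:])}
		width, ok := typeSize[t.Type]
		if !ok {
			return nil, fmt.Errorf("ifd: unknown field type %d", t.Type)
		}
		total := uint64(t.Count) * width // uint64 so count*width cannot wrap
		if total > lim.MaxTagBytes {     // cap on value size, checked before copying
			return nil, ErrTagTooLarge
		}
		if total <= 4 { // values of up to 4 bytes are stored inline in the entry
			t.Value = append([]byte(nil), e[8:8+total]...)
		} else { // otherwise the entry holds an offset to the value
			off := uint64(le.Uint32(e[8:]))
			if off+total > uint64(len(buf)) {
				return nil, ErrTruncated
			}
			t.Value = append([]byte(nil), buf[off:off+total]...)
		}
		tags = append(tags, t)
	}
	return tags, nil
}

func put16(b []byte, v uint16) []byte { return append(b, byte(v), byte(v>>8)) }
func put32(b []byte, v uint32) []byte { return append(b, byte(v), byte(v>>8), byte(v>>16), byte(v>>24)) }

// BuildSample constructs a minimal TIFF whose IFD0 has `entries` LONG tags,
// each declaring `count` elements. It is a constructed test input, not a real image.
func BuildSample(entries uint16, count uint32) []byte {
	b := []byte{'I', 'I', 42, 0, 8, 0, 0, 0} // header: "II", magic 42, IFD0 at offset 8
	b = put16(b, entries)
	for i := uint16(0); i < entries; i++ {
		b = put16(b, 0x0100+i) // tag id (arbitrary)
		b = put16(b, 4)        // type LONG, 4 bytes per element
		b = put32(b, count)
		b = put32(b, 1) // inline value, or offset when the value exceeds 4 bytes
	}
	return put32(b, 0) // no next IFD
}

func main() {
	lim := Limits{MaxTags: 64, MaxTagBytes: 1 << 20}
	for _, in := range [][]byte{BuildSample(1, 1), BuildSample(1, 0xFFFFFFFF), BuildSample(200, 1)} {
		tags, err := ParseIFD0(in, lim)
		fmt.Printf("%d-byte input: tags=%d err=%v\n", len(in), len(tags), err)
	}
}
```

The second sample is exactly the advisory's pattern: 26 bytes on disk, but one entry declares 0xFFFFFFFF LONG elements, about 16 GiB of value data. With the size cap it fails with ErrTagTooLarge; with the cap lifted, the bounds check still refuses it, but only because the whole input is in memory.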

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.1
remediation     7.7
relevance       0.0
threat          3.2
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.