CVE-2025-32025

Vulnerability Description

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by their input data type, which could lead to potentially large memory allocation, and unreasonably high for image metadata. Before v0.11.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.11.0 added a 10 MB upper limit.

Related Weaknesses (CWE)

References

• https://github.com/bep/imagemeta/commit/ee0de9b029f4e82106729f69559f27c9a404229d
• https://github.com/bep/imagemeta/security/advisories/GHSA-fmhh-rw3h-785m

FAQ

What is CVE-2025-32025?

CVE-2025-32025 is a documented vulnerability. bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The buffer created for parsing metadata for PNG and WebP images was only bounded by t...

How severe is CVE-2025-32025?

CVSS scoring is not yet available for CVE-2025-32025. Check NVD for updates.

Is there a patch for CVE-2025-32025?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.