PatchSiren

ExifReader CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ExifReader CVE published 2026-05-19

CVE-2026-8814

CVE-2026-8814 documents a data amplification vulnerability in ExifReader, a JavaScript library for reading image metadata. Versions prior to 4.39.0 do not enforce a maximum decompressed output size when handling PNG zTXt (compressed text) metadata chunks. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can trigger disproportionate memory consumption [truncated]