Is exiv2 safe to use?

exiv2 has 1 known vulnerabilities on the latest version (0.28.8). DepScope rates its health at 57/100 (high risk).

What is the latest version of exiv2?

The latest version of exiv2 is 0.28.8, released 2026-03-01.

Yes. exiv2 has 1 known vulnerabilities. See depscope.dev/pkg/conda/exiv2 for details.

No, exiv2 is actively maintained. Latest release: 0.28.8 (2026-03-01).

DepScope has no curated alternatives for exiv2 at this time.

exiv2 is licensed under GPL-2.0-or-later.

condav0.28.8

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata

License GPL-2.0-or-later13 versions1 maintainers0 deps870 weekly dl

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= e884a0955359107f4031c74a07406df7e99929a5 to fix known vulnerabilities

Health breakdown0 – 100

20/25

maintenance

3/20

popularity

20/25

security

12/15

maturity

2/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2023-44398	Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can	e884a0955359107f4031c74a07406df7e99929a5

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/exiv2

First published · 2020-07-01 23:42:50.370000+00:00

Last updated · 2026-03-01 23:09:53.182000+00:00