Cyber Posture

CVE-2026-8813

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 19 May 2026

Published
19 May 2026
Modified
19 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0005 16.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8813 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Snyk (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries…

more

to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-1284

Affected Products

Snyk
inferred from references and description; NVD did not file a CPE for this CVE

References