{"package":"exiv2","ecosystem":"conda","latest_version":"0.28.8","description":"Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata","license":"GPL-2.0-or-later","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared, although the license field lists GPL-2.0-or-later; confirm the effective license against the upstream repository.","homepage":"https://www.exiv2.org/","repository":"https://github.com/Exiv2/exiv2","downloads_weekly":870,"health":{"score":62,"risk":"moderate","breakdown":{"maintenance":20,"popularity":3,"security":20,"maturity":12,"community":7},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-44398","severity":"high","summary":"Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. 
An attacker could potentially exploit the vulnerability to gain code execution, if they can [summary truncated in this record; see the CVE-2023-44398 advisory for the full text]","affected_versions":"<e884a0955359107f4031c74a07406df7e99929a5|=0.1|=0.11.0|=0.11.1|=0.11.2|=0.11.3|=0.12.0|=0.12.1|=0.13.0|=0.13.1|=0.13.2|=0.14.0|=0.14.1|=0.2|=0.3|=0.3.1|=0.15.0|=0.16.0|=0.16.1|=0.16.2|=0.16.2.post1|=0.16.3|=0.16.3.post1|=0.17.0|=0.17.1|=0.17.2|=0.17.3|=0.17.4|=0.17.5","fixed_version":"e884a0955359107f4031c74a07406df7e99929a5","source":"osv","published_at":"2023-11-06T18:15:00Z","in_kev":false,"epss_prob":0.00473,"epss_percentile":0.6477,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.28.8","total_count":13,"recent":["0.27.1","v0.27.2","v0.27.3","0.27.3","0.27.5","0.27.6","0.28.2","0.28.3","0.28.4","0.28.5","0.28.6","0.28.7","0.28.8"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-07-01 23:42:50.370000+00:00","last_published":"2026-03-01 23:09:53.182000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":1124,"forks":317,"open_issues":205,"is_archived":false,"pushed_at":"2026-04-22T15:51:53Z","subscribers_count":23},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high-severity vulnerability"],"use_version":"0.28.8","version_hint":"Update to a build that includes commit e884a0955359107f4031c74a07406df7e99929a5 to fix known vulnerabilities (the value is a commit hash, not a release number, so a >= comparison against version strings does not apply)","summary":"exiv2@0.28.8 has vulnerabilities — update to latest (0.28.8 is already the latest listed version, and the CVE-2023-44398 summary places the flaw in v0.28.0; confirm whether 0.28.8 is actually affected before acting)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":942,"_powered_by":"depscope.dev — free package intelligence for AI 
agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":13,"first_release_age_days":2127,"last_release_days_ago":58,"avg_days_between_releases":177,"release_velocity":"active"}}