EPSS
Percentile
62.0%
exiv2 is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in Exiv2::ul2Data in types.cpp which allows an atccket to crash the application via malicious input.
Exiv2::ul2Data
types.cpp
lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2020:1577
access.redhat.com/security/updates/classification/#moderate
github.com/Exiv2/exiv2/issues/455