libexif is vulnerable to arbitrary code execution. The vulnerability exists through an out of bounds write due to an integer overflow in exif-entry.c.
access.redhat.com/errata/RHSA-2020:5393
access.redhat.com/security/updates/classification/#important
lists.fedoraproject.org/archives/list/[email protected]/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN/
lists.fedoraproject.org/archives/list/[email protected]/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7/
security.gentoo.org/glsa/202011-19
source.android.com/security/bulletin/2020-11-01