exiv2 is vulnerable to buffer overflow. The vulnerability exists due to improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
bugzilla.redhat.com/show_bug.cgi?id=1946314
lists.debian.org/debian-lts-announce/2021/08/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
lists.fedoraproject.org/archives/list/[email protected]/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
www.debian.org/security/2021/dsa-4958