Exiv2 is vulnerable to information disclosure. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file.
github.com/Exiv2/exiv2/pull/1627
github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
lists.fedoraproject.org/archives/list/[email protected]/message/5I3RRZUGSBIUYZ5TIHLN55PKMAWCSJ5G/
lists.fedoraproject.org/archives/list/[email protected]/message/M2BPQNJKTRIDINTVJ22QMMTIZEPHVKXK/
lists.fedoraproject.org/archives/list/[email protected]/message/RQAKFIQHW2AS3AGSJM42ABOA6CWIJBGM/
lists.fedoraproject.org/archives/list/[email protected]/message/TZ5SGWHK64TB7ADRSVBGHEPDFN5CSOO3/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml