libexiv2.so is vulnerable to denial of service. The Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case, is affected by a heap-based over-read, which would allow a remote attacker to cause a denial of service condition via a crafted TIFF file.
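
For the class of bug described above, this added example (not Exiv2's code and not its fix) shows a bounds-checked walk over IPTC IIM datasets, including the loop that skips bytes that are not the 0x1c marker. It assumes the standard IIM dataset header (0x1c, record, dataset, 2-byte big-endian length); the names walkIptc and IptcDataset are hypothetical and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical result type for this example.
struct IptcDataset {
    uint8_t record;
    uint8_t dataset;
    size_t offset;    // offset of the payload inside the buffer
    uint16_t length;  // payload length taken from the header
};

// Walk a buffer of IPTC IIM datasets. Returns false when a header or payload
// would extend past the end of the buffer (truncated or crafted input).
bool walkIptc(const uint8_t* buf, size_t size, std::vector<IptcDataset>& out) {
    const size_t kHeader = 5;  // 0x1c, record, dataset, 2-byte big-endian length
    size_t i = 0;
    while (i < size) {
        // Skip bytes that are not the 0x1c marker. The bound is "i < size".
        // General pitfall: a bound written as an unsigned subtraction such as
        // "size - 3" wraps for tiny buffers and lets the scan leave the heap block.
        while (i < size && buf[i] != 0x1c) ++i;
        if (i == size) break;                  // no further marker: clean end
        if (size - i < kHeader) return false;  // marker without a full header
        uint16_t len = static_cast<uint16_t>((buf[i + 3] << 8) | buf[i + 4]);
        if (len & 0x8000) return false;        // extended datasets not handled here
        if (size - i - kHeader < len) return false;  // payload exceeds buffer
        out.push_back({buf[i + 1], buf[i + 2], i + kHeader, len});
        i += kHeader + len;
    }
    return true;
}

int main() {
    // Constructed sample: one padding byte, then dataset 2:5 with 3 payload bytes.
    const uint8_t sample[] = {0x00, 0x1c, 0x02, 0x05, 0x00, 0x03, 'a', 'b', 'c'};
    std::vector<IptcDataset> found;
    bool ok = walkIptc(sample, sizeof sample, found);
    std::printf("ok=%d datasets=%zu\n", ok ? 1 : 0, found.size());
    return ok ? 0 : 1;
}
```
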
access.redhat.com/errata/RHSA-2019:2101
bugzilla.redhat.com/show_bug.cgi?id=1524107
github.com/Exiv2/exiv2/commit/ae0bfa44dfeb79dbf3431f49512305a9ef145eab
github.com/Exiv2/exiv2/issues/210
github.com/Exiv2/exiv2/issues/263
github.com/Exiv2/exiv2/pull/180
github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
security.gentoo.org/glsa/201811-14