Exiv2 teams reports:
+++ +Multiple vulnerabilities covering buffer overflows, out-of-bounds, + read of uninitialized memory and denial of serivce. The heap + overflow is triggered when Exiv2 is used to read the metadata of + a crafted image file. An attacker could potentially exploit the + vulnerability to gain code execution, if they can trick the victim + into running Exiv2 on a crafted image file. The out-of-bounds read + is triggered when Exiv2 is used to write metadata into a crafted + image file. An attacker could potentially exploit the vulnerability + to cause a denial of service by crashing Exiv2, if they can trick + the victim into running Exiv2 on a crafted image file. The read of + uninitialized memory is triggered when Exiv2 is used to read the + metadata of a crafted image file. An attacker could potentially + exploit the vulnerability to leak a few bytes of stack memory, if + they can trick the victim into running Exiv2 on a crafted image + file.
+