There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a denial of service attack via crafted input. Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1475370]
Created attachment 1305393 [details] Triggered by "./exiv2 $POC"